Windows Analysis Report
7i6bUvYZ4L.exe

Overview

General Information

Sample name: 7i6bUvYZ4L.exe (renamed because original name is a hash value)
Original sample name: 2a1f95489de624041b9216bacef3816a.exe
Analysis ID: 1574260
MD5: 2a1f95489de624041b9216bacef3816a
SHA1: bc606b762ce292b49f07f36689954bc945274bbf
SHA256: 2ddae2d8fda665c0136ba3afc04fdc81221e8ea9fda67bc8676728691d6434b5
Tags: exe, Socks5Systemz, user-abuse_ch

Detection

Socks5Systemz
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Socks5Systemz
AI detected suspicious sample
Contains functionality to infect the boot sector
Found API chain indicative of debugger detection
Machine Learning detection for dropped file
Uses schtasks.exe or at.exe to add and modify task schedules
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 7i6bUvYZ4L.exe (PID: 5820 cmdline: "C:\Users\user\Desktop\7i6bUvYZ4L.exe" MD5: 2A1F95489DE624041B9216BACEF3816A)
    • 7i6bUvYZ4L.tmp (PID: 5944 cmdline: "C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp" /SL5="$20456,3636467,54272,C:\Users\user\Desktop\7i6bUvYZ4L.exe" MD5: B4D4F779EA9E1F6AC0828B0B21EE319A)
      • schtasks.exe (PID: 6256 cmdline: "C:\Windows\system32\schtasks.exe" /Delete /F /TN "video_minimizer_12125" MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • videominimizer32.exe (PID: 1440 cmdline: "C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe" -i MD5: 5FD3D7BFE29EF3FB62C34886D452C6B9)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
--- | --- | --- | --- | ---
C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Users\user\AppData\Local\Video Minimizer 1.77\is-85UUJ.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\EarnPackage\EarnPackage.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
--- | --- | --- | --- | ---
00000005.00000002.3319463438.000000000283F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
00000005.00000000.2071801857.0000000000401000.00000020.00000001.01000000.00000009.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
Process Memory Space: videominimizer32.exe PID: 1440 | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |

Source | Rule | Description | Author | Strings
--- | --- | --- | --- | ---
5.0.videominimizer32.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
--- | --- | --- | --- | --- | --- | --- | --- | ---
2024-12-13T07:48:02.706192+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49788 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:08.411237+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49801 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:10.711724+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49807 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:13.287990+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49817 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:15.538444+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49824 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:17.790699+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49830 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:20.079064+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49837 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:22.360695+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49843 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:24.812984+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49849 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:27.281540+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49855 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:29.564492+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49861 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:31.832673+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49867 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:34.300091+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49873 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:36.557153+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49879 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:38.998838+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49885 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:41.433801+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49891 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:43.681731+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49897 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:45.932501+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49903 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:48.218492+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49909 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:50.655298+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49917 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:53.421551+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49925 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:55.753506+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49931 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:58.006039+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49937 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:00.288962+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49943 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:02.555384+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49949 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:05.183337+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49955 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:07.456918+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49962 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:09.941935+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49968 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:12.694124+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.5 | 49975 | 188.119.66.185 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
--- | --- | --- | --- | --- | --- | --- | --- | ---
2024-12-13T07:48:03.498642+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49788 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:09.126710+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49801 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:11.395663+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49807 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:13.972030+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49817 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:16.226782+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49824 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:18.481630+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49830 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:20.783681+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49837 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:23.042386+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49843 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:25.510100+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49849 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:27.970392+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49855 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:30.246401+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49861 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:32.514205+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49867 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:34.981559+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49873 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:37.242885+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49879 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:39.681829+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49885 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:42.116378+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49891 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:44.364047+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49897 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:46.609426+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49903 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:48.900934+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49909 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:51.338712+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49917 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:54.109422+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49925 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:56.437089+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49931 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:58.728588+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49937 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:00.974599+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49943 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:03.336156+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49949 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:05.869130+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49955 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:08.139068+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49962 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:10.924857+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49968 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:13.375157+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49975 | 188.119.66.185 | 443 | TCP

AV Detection

Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | ReversingLabs: Detection: 50%
Source: 7i6bUvYZ4L.exe | Virustotal: Detection: 26%
Source: 7i6bUvYZ4L.exe | ReversingLabs: Detection: 28%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.8% probability
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Joe Sandbox ML: detected
Source: C:\ProgramData\EarnPackage\EarnPackage.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_0045CFD8 GetProcAddress,GetProcAddress,GetProcAddress,ISCryptGetVersion,1_2_0045CFD8
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_0045D08C ArcFourCrypt,1_2_0045D08C
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_0045D0A4 ArcFourCrypt,1_2_0045D0A4
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_10001000 ISCryptGetVersion,1_2_10001000
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_10001130 ArcFourCrypt,1_2_10001130

Compliance

Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Unpacked PE file: 5.2.videominimizer32.exe.400000.0.unpack
Source: 7i6bUvYZ4L.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Minimizer_is1
Source: unknown | HTTPS traffic detected: 188.119.66.185:443 -> 192.168.2.5:49788 version: TLS 1.2
Source: Binary string: msvcp71.pdbx# source: is-02STJ.tmp.1.dr
Source: Binary string: msvcr71.pdb< source: is-03TUS.tmp.1.dr
Source: Binary string: msvcp71.pdb source: is-02STJ.tmp.1.dr
Source: Binary string: MicrosoftWindowsGdiPlus-1.0.2600.1360-gdiplus.pdb source: is-89SPJ.tmp.1.dr
Source: Binary string: msvcr71.pdb source: is-03TUS.tmp.1.dr
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00452A60 FindFirstFileA,GetLastError,1_2_00452A60
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00474DFC FindFirstFileA,FindNextFileA,FindClose,1_2_00474DFC
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_004625C4 FindFirstFileA,FindNextFileA,FindClose,1_2_004625C4
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00463B50 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00463B50
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00497C14 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,1_2_00497C14
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00463FCC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00463FCC
Source: global traffic | TCP traffic: 192.168.2.5:49794 -> 31.214.157.206:2024
Source: Joe Sandbox View | IP Address: 31.214.157.206 31.214.157.206
Source: Joe Sandbox View | IP Address: 188.119.66.185 188.119.66.185
Source: Joe Sandbox View | JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49817 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49807 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49824 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49837 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49843 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49788 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49801 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49855 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49867 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49873 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49861 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49879 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49885 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49897 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49891 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49830 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49903 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49849 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49931 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49925 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49937 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49909 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49943 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49968 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49975 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49917 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49949 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49955 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.5:49962 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49843 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49830 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49879 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49824 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49885 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49861 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49788 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49817 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49867 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49801 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49837 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49807 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49937 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49931 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49873 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49891 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49909 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49849 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49917 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49855 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49949 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49943 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49955 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49903 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49975 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49897 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49925 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49962 -> 188.119.66.185:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49968 -> 188.119.66.185:443
Source: global traffic | HTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b82a8dcd6c946851e300888b3250aa15d005633775b0e650f7ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda33231bd73884 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
Source: global traffic | HTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: unknown | TCP traffic detected without corresponding DNS query: 188.119.66.185
                  Source: unknown | TCP traffic detected without corresponding DNS query: 31.214.157.206
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CC2015 InternetReadFile
                  Source: global traffic | HTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b82a8dcd6c946851e300888b3250aa15d005633775b0e650f7ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda33231bd73884 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US) | Host: 188.119.66.185
                  Source: global traffic | HTTP traffic detected: GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US) | Host: 188.119.66.185
                  Source: videominimizer32.exe, 00000005.00000000.2071903859.00000000004D5000.00000002.00000001.01000000.00000009.sdmp, videominimizer32.exe.1.dr, EarnPackage.exe.5.dr, is-85UUJ.tmp.1.dr | String found in binary or memory: http://liba52.sourceforge.net/B6.4.0.1
                  Source: videominimizer32.exe, 00000005.00000000.2071903859.00000000004D5000.00000002.00000001.01000000.00000009.sdmp, videominimizer32.exe.1.dr, EarnPackage.exe.5.dr, is-85UUJ.tmp.1.dr | String found in binary or memory: http://www.audiocoding.com/
                  Source: 7i6bUvYZ4L.tmp, 7i6bUvYZ4L.tmp, 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-0AE1V.tmp.1.dr, 7i6bUvYZ4L.tmp.0.dr | String found in binary or memory: http://www.innosetup.com/
                  Source: 7i6bUvYZ4L.exe, 00000000.00000003.2059003473.0000000002098000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.exe, 00000000.00000003.2058783096.0000000002340000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 7i6bUvYZ4L.tmp, 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-0AE1V.tmp.1.dr, 7i6bUvYZ4L.tmp.0.dr | String found in binary or memory: http://www.remobjects.com/ps
                  Source: 7i6bUvYZ4L.exe, 00000000.00000003.2059003473.0000000002098000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.exe, 00000000.00000003.2058783096.0000000002340000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-0AE1V.tmp.1.dr, 7i6bUvYZ4L.tmp.0.dr | String found in binary or memory: http://www.remobjects.com/psU
                  Source: videominimizer32.exe, 00000005.00000000.2071903859.00000000004D5000.00000002.00000001.01000000.00000009.sdmp, videominimizer32.exe.1.dr, EarnPackage.exe.5.dr, is-85UUJ.tmp.1.dr | String found in binary or memory: http://www.videolan.org/dtsdec.html96.4.0.2
                  Source: videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/
                  Source: videominimizer32.exe, 00000005.00000002.3319966465.0000000003330000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/3
                  Source: videominimizer32.exe, 00000005.00000002.3319966465.00000000033AB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/a
                  Source: videominimizer32.exe, 00000005.00000002.3319966465.00000000033AB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee
                  Source: videominimizer32.exe, 00000005.00000002.3318191052.0000000000B88000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b82a8dcd6c946851e300888b325
                  Source: videominimizer32.exe, 00000005.00000002.3319966465.00000000033AB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879
                  Source: videominimizer32.exe, 00000005.00000002.3318191052.0000000000B88000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4
                  Source: videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/d&
                  Source: videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/en-GB
                  Source: videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/en-US
                  Source: videominimizer32.exe, 00000005.00000002.3319966465.0000000003330000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/g
                  Source: videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/priseCertificates
                  Source: videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/x4
                  Source: 7i6bUvYZ4L.exe, 00000000.00000002.3317502381.0000000002091000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.exe, 00000000.00000003.2058215286.0000000002091000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.exe, 00000000.00000003.2058116531.0000000002340000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 00000001.00000003.2060319077.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 00000001.00000002.3317751927.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 00000001.00000003.2060487138.0000000002178000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 00000001.00000002.3319178949.0000000002178000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.easycutstudio.com/support.html
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49788
                  Source: unknown | HTTPS traffic detected: 188.119.66.185:443 -> 192.168.2.5:49788 version: TLS 1.2
                  Source: is-89SPJ.tmp.1.drBinary or memory string: DirectDrawCreateExmemstr_ff8cf039-3
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmpCode function: 1_2_0042F520 NtdllDefWindowProc_A,1_2_0042F520
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmpCode function: 1_2_00423B84 NtdllDefWindowProc_A,1_2_00423B84
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmpCode function: 1_2_004125D8 NtdllDefWindowProc_A,1_2_004125D8
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmpCode function: 1_2_004785E0 NtdllDefWindowProc_A,1_2_004785E0
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmpCode function: 1_2_004573E0 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,1_2_004573E0
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmpCode function: 1_2_0042E934: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,1_2_0042E934
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exeCode function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,0_2_00409448
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmpCode function: 1_2_004555E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,1_2_004555E4
Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe | Code function: 0_2_0040840C
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_004804DB
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_0047051C
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00467218
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_004352C8
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_0043DD50
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_0043035C
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_004444C8
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_004345C4
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_004866B4
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00444A70
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00430EE8
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_0045EF38
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_0045AFC4
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00445168
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00469278
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00445574
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00487614
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_0048D9F0
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_004519BC
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_00401051
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_00401C26
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_004070A7
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609660FA
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6092114F
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6091F2C9
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096923E
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6093323D
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6095C314
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60950312
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094D33B
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6093B368
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096748C
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6093F42E
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60954470
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609615FA
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096A5EE
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096D6A4
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609606A8
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60932654
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60955665
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094B7DB
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6092F74D
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60964807
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094E9BC
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60937929
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6093FAD6
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096DAE8
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094DA3A
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60936B27
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60954CF6
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60950C6B
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60966DF1
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60963D35
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60909E9C
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60951E86
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60912E0B
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60954FF8
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02C5BAED
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02C62A70
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02C5D31F
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02C570B0
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02C4E06F
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02C6266D
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02C5BF05
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02C5873A
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02C5B5F9
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02C60DA4
Source: Joe Sandbox View | Dropped File: C:\ProgramData\EarnPackage\sqlite3.dll 16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: String function: 02C62A00 appears 136 times
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: String function: 02C57750 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 00408C0C appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 00406AC4 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 0040595C appears 117 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 00403400 appears 60 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 00445DD4 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 004344DC appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 004078F4 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 00457D6C appears 73 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 00403494 appears 82 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 00403684 appears 224 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 00457B60 appears 97 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 00453344 appears 94 times
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: String function: 004460A4 appears 59 times
Source: 7i6bUvYZ4L.exe | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: 7i6bUvYZ4L.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: 7i6bUvYZ4L.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: 7i6bUvYZ4L.tmp.0.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-0AE1V.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-0AE1V.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-0AE1V.tmp.1.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: sqlite3.dll.5.dr | Static PE information: Number of sections : 19 > 10
Source: is-L2G4K.tmp.1.dr | Static PE information: Number of sections : 19 > 10
Source: 7i6bUvYZ4L.exe, 00000000.00000003.2059003473.0000000002098000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs 7i6bUvYZ4L.exe
Source: 7i6bUvYZ4L.exe, 00000000.00000003.2058783096.0000000002340000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs 7i6bUvYZ4L.exe
Source: 7i6bUvYZ4L.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: videominimizer32.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: EarnPackage.exe.5.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal100.troj.evad.winEXE@8/30@0/2
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02C4F8C0 _memset,FormatMessageA,GetLastError,FormatMessageA,GetLastError
Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe | Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_004555E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_00455E0C GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: CloseServiceHandle,CreateServiceA,5_2_00402319
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Code function: 1_2_0046DF58 GetVersion,CoCreateInstance
Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe | Code function: 0_2_00409BEC FindResourceA,SizeofResource,LoadResource,LockResource
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_00402B64 StartServiceCtrlDispatcherA
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_00402B64 StartServiceCtrlDispatcherA
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | File created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:320:120:WilError_03
Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe | File created: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp
Source: Yara match | File source: 5.0.videominimizer32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000000.2071801857.0000000000401000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match | File source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-85UUJ.tmp, type: DROPPED
Source: Yara match | File source: C:\ProgramData\EarnPackage\EarnPackage.exe, type: DROPPED
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: videominimizer32.exe, videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: videominimizer32.exe, videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: videominimizer32.exe, videominimizer32.exe, 00000005.00000003.2074251160.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.5.dr, is-L2G4K.tmp.1.dr | Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: 7i6bUvYZ4L.exe | Virustotal: Detection: 26%
Source: 7i6bUvYZ4L.exe | ReversingLabs: Detection: 28%
Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe | File read: C:\Users\user\Desktop\7i6bUvYZ4L.exe
Source: unknown | Process created: C:\Users\user\Desktop\7i6bUvYZ4L.exe "C:\Users\user\Desktop\7i6bUvYZ4L.exe"
Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe | Process created: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp "C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp" /SL5="$20456,3636467,54272,C:\Users\user\Desktop\7i6bUvYZ4L.exe"
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\system32\schtasks.exe" /Delete /F /TN "video_minimizer_12125"
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Process created: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe "C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe" -i
Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe | Process created: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp "C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp" /SL5="$20456,3636467,54272,C:\Users\user\Desktop\7i6bUvYZ4L.exe"
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\system32\schtasks.exe" /Delete /F /TN "video_minimizer_12125"
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Process created: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe "C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe" -i
Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: sqlite3.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: ncryptsslp.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmpWindow found: window name: TMainFormJump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Minimizer_is1Jump to behavior
                  Source: 7i6bUvYZ4L.exeStatic file information: File size 3885247 > 1048576
                  Source: Binary string: msvcp71.pdbx# source: is-02STJ.tmp.1.dr
                  Source: Binary string: msvcr71.pdb< source: is-03TUS.tmp.1.dr
                  Source: Binary string: msvcp71.pdb source: is-02STJ.tmp.1.dr
                  Source: Binary string: MicrosoftWindowsGdiPlus-1.0.2600.1360-gdiplus.pdb source: is-89SPJ.tmp.1.dr
                  Source: Binary string: msvcr71.pdb source: is-03TUS.tmp.1.dr

                  Data Obfuscation

                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Unpacked PE file: 5.2.videominimizer32.exe.400000.0.unpack .text:ER;_abtt_1:R;_actt_1:W;.rsrc:R;_adtt_1:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Unpacked PE file: 5.2.videominimizer32.exe.400000.0.unpack
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_004502C0 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004502C0
                  Source: videominimizer32.exe.1.dr Static PE information: section name: _abtt_1
                  Source: videominimizer32.exe.1.dr Static PE information: section name: _actt_1
                  Source: videominimizer32.exe.1.dr Static PE information: section name: _adtt_1
                  Source: is-L2G4K.tmp.1.dr Static PE information: section name: /4
                  Source: is-L2G4K.tmp.1.dr Static PE information: section name: /19
                  Source: is-L2G4K.tmp.1.dr Static PE information: section name: /35
                  Source: is-L2G4K.tmp.1.dr Static PE information: section name: /51
                  Source: is-L2G4K.tmp.1.dr Static PE information: section name: /63
                  Source: is-L2G4K.tmp.1.dr Static PE information: section name: /77
                  Source: is-L2G4K.tmp.1.dr Static PE information: section name: /89
                  Source: is-L2G4K.tmp.1.dr Static PE information: section name: /102
                  Source: is-L2G4K.tmp.1.dr Static PE information: section name: /113
                  Source: is-L2G4K.tmp.1.dr Static PE information: section name: /124
                  Source: is-89SPJ.tmp.1.dr Static PE information: section name: Shared
                  Source: EarnPackage.exe.5.dr Static PE information: section name: _abtt_1
                  Source: EarnPackage.exe.5.dr Static PE information: section name: _actt_1
                  Source: EarnPackage.exe.5.dr Static PE information: section name: _adtt_1
                  Source: sqlite3.dll.5.dr Static PE information: section name: /4
                  Source: sqlite3.dll.5.dr Static PE information: section name: /19
                  Source: sqlite3.dll.5.dr Static PE information: section name: /35
                  Source: sqlite3.dll.5.dr Static PE information: section name: /51
                  Source: sqlite3.dll.5.dr Static PE information: section name: /63
                  Source: sqlite3.dll.5.dr Static PE information: section name: /77
                  Source: sqlite3.dll.5.dr Static PE information: section name: /89
                  Source: sqlite3.dll.5.dr Static PE information: section name: /102
                  Source: sqlite3.dll.5.dr Static PE information: section name: /113
                  Source: sqlite3.dll.5.dr Static PE information: section name: /124
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_004065C8 push 00406605h; ret 0_2_004065FD
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_00408104 push ecx; mov dword ptr [esp], eax 0_2_00408109
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_0040C218 push eax; ret 0_2_0040C219
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_00408F38 push 00408F6Bh; ret 0_2_00408F63
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0040994C push 00409989h; ret 1_2_00409981
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00483A6C push 00483B7Ah; ret 1_2_00483B72
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_004062B4 push ecx; mov dword ptr [esp], eax 1_2_004062B5
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_004104E0 push ecx; mov dword ptr [esp], edx 1_2_004104E5
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0049481C push ecx; mov dword ptr [esp], ecx 1_2_00494821
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00412928 push 0041298Bh; ret 1_2_00412983
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0040CE38 push ecx; mov dword ptr [esp], edx 1_2_0040CE3A
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0048515C push ecx; mov dword ptr [esp], ecx 1_2_00485161
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00459120 push 00459164h; ret 1_2_0045915C
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0040F398 push ecx; mov dword ptr [esp], edx 1_2_0040F39A
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00443440 push ecx; mov dword ptr [esp], ecx 1_2_00443444
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0040546D push eax; ret 1_2_004054A9
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0040553D push 00405749h; ret 1_2_00405741
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_004055BE push 00405749h; ret 1_2_00405741
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00477628 push ecx; mov dword ptr [esp], edx 1_2_00477629
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0040563B push 00405749h; ret 1_2_00405741
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_004056A0 push 00405749h; ret 1_2_00405741
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_004517F8 push 0045182Bh; ret 1_2_00451823
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_004519BC push ecx; mov dword ptr [esp], eax 1_2_004519C1
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0045FB90 push ecx; mov dword ptr [esp], ecx 1_2_0045FB94
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00419C28 push ecx; mov dword ptr [esp], ecx 1_2_00419C2D
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00499D1C pushad ; retf 1_2_00499D2B
                  Source: videominimizer32.exe.1.dr Static PE information: section name: .text entropy: 7.7502217175271815
                  Source: EarnPackage.exe.5.dr Static PE information: section name: .text entropy: 7.7502217175271815

                  Persistence and Installation Behavior

                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 5_2_00401A4F
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 5_2_02C4E898
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Temp\is-FIBLN.tmp\_isetup\_iscrypt.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-02STJ.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Temp\is-FIBLN.tmp\_isetup\_setup64.tmp
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe File created: C:\ProgramData\EarnPackage\sqlite3.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\is-0AE1V.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-B7V4E.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\sqlite3.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\gdiplus.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-L2G4K.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcp71.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-OG6A3.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-03TUS.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Temp\is-FIBLN.tmp\_isetup\_shfoldr.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcr71.dll (copy)
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe File created: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-89SPJ.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\ltkrn13n.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\unins000.exe (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-TCRKR.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\LTDIS13n.dll (copy)
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe File created: C:\ProgramData\EarnPackage\EarnPackage.exe

                  Boot Survival

                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 5_2_00401A4F
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 5_2_02C4E898
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\system32\schtasks.exe" /Delete /F /TN "video_minimizer_12125"
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: 5_2_00402B64 StartServiceCtrlDispatcherA,5_2_00402B64
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00423C0C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,1_2_00423C0C
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_004241DC IsIconic,SetActiveWindow,SetFocus,1_2_004241DC
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00424194 IsIconic,SetActiveWindow,1_2_00424194
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00418384 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,1_2_00418384
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0042285C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,1_2_0042285C
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00483420 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,1_2_00483420
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00417598 IsIconic,GetCapture,1_2_00417598
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00417CCE IsIconic,SetWindowPos,1_2_00417CCE
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00417CD0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,1_2_00417CD0
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0041F118 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,1_2_0041F118
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary,5_2_00401B4B
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary,5_2_02C4E99C
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Window / User API: threadDelayed 9774
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FIBLN.tmp\_isetup\_iscrypt.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-02STJ.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FIBLN.tmp\_isetup\_setup64.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\is-0AE1V.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-B7V4E.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\gdiplus.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcp71.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-L2G4K.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-OG6A3.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-03TUS.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FIBLN.tmp\_isetup\_shfoldr.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcr71.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-89SPJ.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\ltkrn13n.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\unins000.exe (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-TCRKR.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\LTDIS13n.dll (copy)
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Evasive API call chain: GetSystemTime,DecisionNodes graph_0-5543
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_5-61727
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe API coverage: 5.1 %
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe TID: 3176 Thread sleep count: 153 > 30
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe TID: 3176 Thread sleep time: -306000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe TID: 1900 Thread sleep time: -1380000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe TID: 3176 Thread sleep count: 9774 > 30
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe TID: 3176 Thread sleep time: -19548000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe File opened: PhysicalDrive0
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00452A60 FindFirstFileA,GetLastError,1_2_00452A60
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00474DFC FindFirstFileA,FindNextFileA,FindClose,1_2_00474DFC
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_004625C4 FindFirstFileA,FindNextFileA,FindClose,1_2_004625C4
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00463B50 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00463B50
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00497C14 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,1_2_00497C14
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00463FCC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00463FCC
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_00409B30 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,0_2_00409B30
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Thread delayed: delay time: 60000
                  Source: videominimizer32.exe, 00000005.00000002.3318191052.0000000000A98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWX}2
                  Source: videominimizer32.exe, 00000005.00000002.3319966465.0000000003322000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: videominimizer32.exe, 00000005.00000002.3319966465.0000000003322000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW,n.
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe API call chain: ExitProcess graph end node graph_0-6675
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe API call chain: ExitProcess graph end node graph_5-61509
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Process information queried: ProcessInformation

                  Anti Debugging

                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep graph_5-61623
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: 5_2_02C580F0 IsDebuggerPresent,5_2_02C580F0
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: 5_2_02C5E6AE RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,5_2_02C5E6AE
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_004502C0 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004502C0
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: 5_2_02C45E4F RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,GetTickCount,GetVersionExA,_memset,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,_memset,_memset,_memset,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,_memset,_memset,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,5_2_02C45E4F
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: 5_2_02C580DA SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_02C580DA
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00478024 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,1_2_00478024
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0042E09C AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,1_2_0042E09C
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe Code function: 5_2_02C4E850 cpuid 5_2_02C4E850
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: GetLocaleInfoA,0_2_0040520C
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: GetLocaleInfoA,0_2_00405258
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: GetLocaleInfoA,1_2_00408568
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: GetLocaleInfoA,1_2_004085B4
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_00458418 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,1_2_00458418
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_004026C4 GetSystemTime,0_2_004026C4
                  Source: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp Code function: 1_2_0045559C GetUserNameA,1_2_0045559C
                  Source: C:\Users\user\Desktop\7i6bUvYZ4L.exe Code function: 0_2_00405CF4 GetVersionExA,0_2_00405CF4

                  Stealing of Sensitive Information

                  Source: Yara match; File source: 00000005.00000002.3319463438.000000000283F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: videominimizer32.exe PID: 1440, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match; File source: 00000005.00000002.3319463438.000000000283F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: videominimizer32.exe PID: 1440, type: MEMORYSTR
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_609660FA sqlite3_finalize,sqlite3_free,sqlite3_value_numeric_type,sqlite3_value_numeric_type,sqlite3_value_text,sqlite3_value_int,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_mprintf,sqlite3_malloc,sqlite3_free,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,5_2_609660FA
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6090C1D6 sqlite3_clear_bindings,sqlite3_mutex_enter,sqlite3_mutex_leave,5_2_6090C1D6
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_60963143 sqlite3_stricmp,sqlite3_bind_int64,sqlite3_mutex_leave,5_2_60963143
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6096A2BD sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,5_2_6096A2BD
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6096923E sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_malloc,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_realloc,sqlite3_realloc,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,5_2_6096923E
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6096A38C sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,5_2_6096A38C
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6096748C sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_reset,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_bind_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_reset,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_realloc,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,5_2_6096748C
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_609254B1 sqlite3_bind_zeroblob,sqlite3_mutex_leave,5_2_609254B1
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6094B407 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,5_2_6094B407
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6090F435 sqlite3_bind_parameter_index,5_2_6090F435
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_609255D4 sqlite3_mutex_leave,sqlite3_bind_text16,5_2_609255D4
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_609255FF sqlite3_bind_text,5_2_609255FF
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6096A5EE sqlite3_value_text,sqlite3_value_bytes,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_malloc,sqlite3_column_int,sqlite3_column_int64,sqlite3_column_text,sqlite3_column_bytes,sqlite3_finalize,sqlite3_step,sqlite3_free,sqlite3_finalize,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_column_int64,sqlite3_column_int,sqlite3_column_text,sqlite3_column_bytes,sqlite3_step,sqlite3_finalize,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_malloc,sqlite3_bind_null,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_value_text,sqlite3_value_bytes,sqlite3_free,5_2_6096A5EE
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6094B54C sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,memmove,5_2_6094B54C
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_60925686 sqlite3_bind_int64,sqlite3_mutex_leave,5_2_60925686
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6094A6C5 sqlite3_bind_int64,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_malloc,sqlite3_reset,sqlite3_free,5_2_6094A6C5
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_609256E5 sqlite3_bind_int,sqlite3_bind_int64,5_2_609256E5
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6094B6ED sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,5_2_6094B6ED
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6092562A sqlite3_bind_blob,5_2_6092562A
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_60925655 sqlite3_bind_null,sqlite3_mutex_leave,5_2_60925655
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6094C64A sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,5_2_6094C64A
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_609687A7 sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_column_int64,sqlite3_reset,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,5_2_609687A7
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6095F7F7 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,5_2_6095F7F7
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6092570B sqlite3_bind_double,sqlite3_mutex_leave,5_2_6092570B
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6095F772 sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,5_2_6095F772
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_60925778 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_blob,5_2_60925778
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6090577D sqlite3_bind_parameter_name,5_2_6090577D
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6094B764 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,5_2_6094B764
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6090576B sqlite3_bind_parameter_count,5_2_6090576B
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6094A894 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,5_2_6094A894
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6095F883 sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,5_2_6095F883
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6094C8C2 sqlite3_value_int,sqlite3_value_int,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_null,sqlite3_bind_null,sqlite3_step,sqlite3_reset,5_2_6094C8C2
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6096281E sqlite3_mprintf,sqlite3_vtab_config,sqlite3_malloc,sqlite3_mprintf,sqlite3_mprintf,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_exec,sqlite3_free,sqlite3_prepare_v2,sqlite3_bind_text,sqlite3_step,sqlite3_column_int64,sqlite3_finalize,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_errmsg,sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_free,sqlite3_declare_vtab,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,5_2_6096281E
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6096583A memcmp,sqlite3_realloc,qsort,sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_step,sqlite3_reset,5_2_6096583A
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6095F9AD sqlite3_bind_int,sqlite3_step,sqlite3_column_type,sqlite3_reset,5_2_6095F9AD
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6094A92B sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,5_2_6094A92B
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6090EAE5 sqlite3_transfer_bindings,5_2_6090EAE5
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6095FB98 sqlite3_value_int,sqlite3_bind_int,sqlite3_bind_value,sqlite3_step,sqlite3_reset,5_2_6095FB98
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6095ECA6 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,5_2_6095ECA6
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6095FCCE sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,5_2_6095FCCE
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6095FDAE sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,5_2_6095FDAE
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_60966DF1 sqlite3_value_text,sqlite3_mprintf,sqlite3_free,strcmp,sqlite3_free,sqlite3_malloc,sqlite3_bind_int64,sqlite3_step,sqlite3_column_type,sqlite3_reset,sqlite3_column_blob,sqlite3_reset,sqlite3_malloc,sqlite3_free,sqlite3_reset,sqlite3_result_error_code,sqlite3_result_blob,5_2_60966DF1
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_60969D75 sqlite3_bind_int,sqlite3_step,sqlite3_column_int,sqlite3_reset,5_2_60969D75
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe; Code function: 5_2_6095FFB2 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,5_2_6095FFB2
                  MITRE ATT&CK Matrix (techniques listed per tactic; a number in parentheses is the signature count shown in the matrix cell)

                  Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
                  Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
                  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
                  Execution: Native API (3); Scheduled Task/Job (1); Service Execution (2); Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
                  Persistence: DLL Side-Loading (1); Windows Service (5); Scheduled Task/Job (1); Bootkit (1); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                  Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Access Token Manipulation (1); Windows Service (5); Process Injection (2); Scheduled Task/Job (1); Startup Items; Scheduled Task/Job; At; Cron
                  Defense Evasion: Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (3); Software Packing (22); DLL Side-Loading (1); Masquerading (1); Virtualization/Sandbox Evasion (121); Access Token Manipulation (1); Process Injection (2); Bootkit (1); Dynamic API Resolution
                  Credential Access: Input Capture (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
                  Discovery: System Time Discovery (1); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (35); Security Software Discovery (241); Process Discovery (1); Virtualization/Sandbox Evasion (121); Application Window Discovery (11); System Owner/User Discovery (3); System Network Configuration Discovery (1)
                  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
                  Collection: Archive Collected Data (1); Input Capture (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
                  Command and Control: Ingress Tool Transfer (2); Encrypted Channel (21); Non-Standard Port (1); Non-Application Layer Protocol (1); Application Layer Protocol (12); Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
                  Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                  Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
                  Source | Detection | Scanner | Label | Link
                  7i6bUvYZ4L.exe | 26% | Virustotal | - | Browse
                  7i6bUvYZ4L.exe | 29% | ReversingLabs | Win32.Trojan.Munp
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | 100% | Joe Sandbox ML
                  C:\ProgramData\EarnPackage\EarnPackage.exe | 100% | Joe Sandbox ML
                  C:\ProgramData\EarnPackage\sqlite3.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\is-FIBLN.tmp\_isetup\_iscrypt.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\is-FIBLN.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\is-FIBLN.tmp\_isetup\_shfoldr.dll | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp | 3% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\LTDIS13n.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\gdiplus.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\is-02STJ.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\is-03TUS.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\is-89SPJ.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\is-B7V4E.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\is-L2G4K.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\is-OG6A3.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\is-TCRKR.tmp | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\ltkrn13n.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcp71.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcr71.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\sqlite3.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\is-0AE1V.tmp | 3% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\unins000.exe (copy) | 3% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.dll (copy) | 0% | ReversingLabs
                  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | 50% | ReversingLabs | Win32.PUA.ICLoader
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  http://liba52.sourceforge.net/B6.4.0.1 | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/3 | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/priseCertificates | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879 | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/d& | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4 | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/en-US | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/en-GB | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b82a8dcd6c946851e300888b3250aa15d005633775b0e650f7ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda33231bd73884 | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/priseCertificates | 1% | Virustotal | - | Browse
                  https://188.119.66.185/a | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b82a8dcd6c946851e300888b325 | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/x4 | 0% | Avira URL Cloud | safe
                  https://188.119.66.185/g | 0% | Avira URL Cloud | safe
                  http://www.audiocoding.com/ | 0% | Avira URL Cloud | safe
                  No contacted domains info
                  Name | Malicious | Antivirus Detection | Reputation
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b82a8dcd6c946851e300888b3250aa15d005633775b0e650f7ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda33231bd73884 | false | Avira URL Cloud: safe | unknown
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 | false | Avira URL Cloud: safe | unknown
                  Name | Source | Malicious | Antivirus Detection | Reputation
                  http://www.innosetup.com/ | 7i6bUvYZ4L.tmp, 7i6bUvYZ4L.tmp, 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-0AE1V.tmp.1.dr, 7i6bUvYZ4L.tmp.0.dr | false | - | high
                  https://188.119.66.185/d& | videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://188.119.66.185/3 | videominimizer32.exe, 00000005.00000002.3319966465.0000000003330000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  http://www.remobjects.com/psU | 7i6bUvYZ4L.exe, 00000000.00000003.2059003473.0000000002098000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.exe, 00000000.00000003.2058783096.0000000002340000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-0AE1V.tmp.1.dr, 7i6bUvYZ4L.tmp.0.dr | false | - | high
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879 | videominimizer32.exe, 00000005.00000002.3319966465.00000000033AB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://188.119.66.185/priseCertificates | videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                  http://liba52.sourceforge.net/B6.4.0.1 | videominimizer32.exe, 00000005.00000000.2071903859.00000000004D5000.00000002.00000001.01000000.00000009.sdmp, videominimizer32.exe.1.dr, EarnPackage.exe.5.dr, is-85UUJ.tmp.1.dr | false | Avira URL Cloud: safe | unknown
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4 | videominimizer32.exe, 00000005.00000002.3318191052.0000000000B88000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://188.119.66.185/en-US | videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  http://www.videolan.org/dtsdec.html96.4.0.2 | videominimizer32.exe, 00000005.00000000.2071903859.00000000004D5000.00000002.00000001.01000000.00000009.sdmp, videominimizer32.exe.1.dr, EarnPackage.exe.5.dr, is-85UUJ.tmp.1.dr | false | - | high
                  https://188.119.66.185/ | videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | false | - | high
                  https://188.119.66.185/en-GB | videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://188.119.66.185/a | videominimizer32.exe, 00000005.00000002.3319966465.00000000033AB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  http://www.remobjects.com/ps | 7i6bUvYZ4L.exe, 00000000.00000003.2059003473.0000000002098000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.exe, 00000000.00000003.2058783096.0000000002340000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 7i6bUvYZ4L.tmp, 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-0AE1V.tmp.1.dr, 7i6bUvYZ4L.tmp.0.dr | false | - | high
                  https://www.easycutstudio.com/support.html | 7i6bUvYZ4L.exe, 00000000.00000002.3317502381.0000000002091000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.exe, 00000000.00000003.2058215286.0000000002091000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.exe, 00000000.00000003.2058116531.0000000002340000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 00000001.00000003.2060319077.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 00000001.00000002.3317751927.00000000006A5000.00000004.00000020.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 00000001.00000003.2060487138.0000000002178000.00000004.00001000.00020000.00000000.sdmp, 7i6bUvYZ4L.tmp, 00000001.00000002.3319178949.0000000002178000.00000004.00001000.00020000.00000000.sdmp | false | - | high
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee | videominimizer32.exe, 00000005.00000002.3319966465.00000000033AB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://188.119.66.185/ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b82a8dcd6c946851e300888b325 | videominimizer32.exe, 00000005.00000002.3318191052.0000000000B88000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://188.119.66.185/x4 | videominimizer32.exe, 00000005.00000002.3318191052.0000000000B72000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  http://www.audiocoding.com/ | videominimizer32.exe, 00000005.00000000.2071903859.00000000004D5000.00000002.00000001.01000000.00000009.sdmp, videominimizer32.exe.1.dr, EarnPackage.exe.5.dr, is-85UUJ.tmp.1.dr | false | Avira URL Cloud: safe | unknown
                  https://188.119.66.185/g | videominimizer32.exe, 00000005.00000002.3319966465.0000000003330000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  IP | Domain | Country | ASN | ASN Name | Malicious
                  31.214.157.206 | unknown | Germany | 58329 | RACKPLACEDE | false
                  188.119.66.185 | unknown | Russian Federation | 209499 | FLYNETRU | false
                              Joe Sandbox version:41.0.0 Charoite
                              Analysis ID:1574260
                              Start date and time:2024-12-13 07:46:11 +01:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 6m 48s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:8
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:7i6bUvYZ4L.exe
                              renamed because original name is a hash value
                              Original Sample Name:2a1f95489de624041b9216bacef3816a.exe
                              Detection:MAL
                              Classification:mal100.troj.evad.winEXE@8/30@0/2
                              EGA Information:
                              • Successful, ratio: 100%
                              HCA Information:
                              • Successful, ratio: 92%
                              • Number of executed functions: 203
                              • Number of non-executed functions: 262
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                              • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63, 4.245.163.56
                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing disassembly code.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
01:47:42 | API Interceptor | 542660x Sleep call for process: videominimizer32.exe modified
IP context matches:
Match | Associated Sample Name / URL | Detection | Threat Name
31.214.157.206 | file.exe | malicious | Socks5Systemz
31.214.157.206 | imMQqf6YWk.exe | malicious | Socks5Systemz
31.214.157.206 | imMQqf6YWk.exe | malicious | Socks5Systemz
31.214.157.206 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
31.214.157.206 | file.exe | malicious | Socks5Systemz
31.214.157.206 | file.exe | malicious | Socks5Systemz
31.214.157.206 | file.exe | malicious | Socks5Systemz
31.214.157.206 | file.exe | malicious | Socks5Systemz
188.119.66.185 | file.exe | malicious | Socks5Systemz
188.119.66.185 | imMQqf6YWk.exe | malicious | Socks5Systemz
188.119.66.185 | imMQqf6YWk.exe | malicious | Socks5Systemz
188.119.66.185 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
188.119.66.185 | file.exe | malicious | Socks5Systemz
188.119.66.185 | file.exe | malicious | Socks5Systemz
188.119.66.185 | file.exe | malicious | Socks5Systemz
188.119.66.185 | file.exe | malicious | Socks5Systemz
188.119.66.185 | file.exe | malicious | Socks5Systemz
188.119.66.185 | file.exe | malicious | Socks5Systemz
Domain context matches: No context
ASN context matches:
Match | Associated Sample Name / URL | Detection | Threat Name | Context (IP)
RACKPLACEDE | file.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | imMQqf6YWk.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | imMQqf6YWk.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 31.214.157.206
RACKPLACEDE | file.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | file.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | file.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | file.exe | malicious | Socks5Systemz | 31.214.157.206
RACKPLACEDE | file.exe | malicious | Amadey, Stealc, Vidar | 31.214.157.124
RACKPLACEDE | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 31.214.157.226
FLYNETRU | file.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | imMQqf6YWk.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | imMQqf6YWk.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 188.119.66.185
FLYNETRU | file.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | https://drive.google.com/file/d/1yoYdaJg2olHzjqEKXjn6nnXKPPak7HoL/view?usp=sharing_eil&ts=675747b9 | malicious | Unknown | 188.119.66.154
FLYNETRU | file.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | file.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | file.exe | malicious | Socks5Systemz | 188.119.66.185
FLYNETRU | file.exe | malicious | Socks5Systemz | 188.119.66.185
JA3 fingerprint context matches:
Match | Associated Sample Name / URL | Detection | Threat Name | Context (IP)
51c64c77e60f3980eea90869b68c58a8 | file.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | imMQqf6YWk.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | imMQqf6YWk.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | 17Xmvtq2Tq.exe | malicious | Vidar | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | file.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | file.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | file.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | file.exe | malicious | Socks5Systemz | 188.119.66.185
51c64c77e60f3980eea90869b68c58a8 | file.exe | malicious | Socks5Systemz | 188.119.66.185
Dropped file context matches:
Match | Associated Sample Name / URL | Detection | Threat Name
C:\ProgramData\EarnPackage\sqlite3.dll | file.exe | malicious | Socks5Systemz
C:\ProgramData\EarnPackage\sqlite3.dll | imMQqf6YWk.exe | malicious | Socks5Systemz
C:\ProgramData\EarnPackage\sqlite3.dll | imMQqf6YWk.exe | malicious | Socks5Systemz
C:\ProgramData\EarnPackage\sqlite3.dll | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
C:\ProgramData\EarnPackage\sqlite3.dll | file.exe | malicious | Socks5Systemz
C:\ProgramData\EarnPackage\sqlite3.dll | file.exe | malicious | Socks5Systemz
C:\ProgramData\EarnPackage\sqlite3.dll | file.exe | malicious | Socks5Systemz
C:\ProgramData\EarnPackage\sqlite3.dll | file.exe | malicious | Socks5Systemz
C:\ProgramData\EarnPackage\sqlite3.dll | file.exe | malicious | Socks5Systemz
C:\ProgramData\EarnPackage\sqlite3.dll | file.exe | malicious | Socks5Systemz
                                                                                      Process:C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):3026876
                                                                                      Entropy (8bit):6.3964107364640705
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:NGJsQIyAh4pimPL6X9dqx2GqAOr5T7ptw/b1f3SGOytmg:IxnI39kx2GqAOdTltwz1fBbtd
                                                                                      MD5:5FD3D7BFE29EF3FB62C34886D452C6B9
                                                                                      SHA1:378812DC2C3E9DD22AB203C8AD35E1172BA83B1E
                                                                                      SHA-256:BF9E1E519218C12AE4048225F3BBA82CCCF88BD26BE28DEFEE0187E09B08353E
                                                                                      SHA-512:EDF4866BF09280BD0C09454F9EC0FBA79E596C8B4042F63B3AE578C8836DF2A9BF48676B218CFB3027B14C31E28731EEBD979E437E3726391A04EA611C72126B
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\EarnPackage\EarnPackage.exe, Author: Joe Security
                                                                                      Antivirus:
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      Reputation:low
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................PE..L...".[g.....................(.......]............@..................................h...............................................P..X...............................................................................@............................text...j........................... ..`_abtt_1.............................@..@_actt_1.xd.......0..................@....rsrc........P......................@..@_adtt_1.............................`.+.........................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):645592
                                                                                      Entropy (8bit):6.50414583238337
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                      MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                      SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                      SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                      SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Joe Sandbox View:
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: imMQqf6YWk.exe, Detection: malicious, Browse
                                                                                      • Filename: imMQqf6YWk.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      Reputation:high, very likely benign file
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..
                                                                                      Process:C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
                                                                                      File Type:ISO-8859 text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):8
                                                                                      Entropy (8bit):2.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Hl:Hl
                                                                                      MD5:D388A29C6E1BEEB9E045BF63215D2F0D
                                                                                      SHA1:7BDBB13968EF16954A9EB5D174F526336245A176
                                                                                      SHA-256:C5619726EC845DCF13FDF7E9A6011847B946D43F3378071736A71105267FB51A
                                                                                      SHA-512:AB064884B92A0D80B874AA8B67329FEEB8C4C179BB823DF700364D2BBD1F4F04ABEF6D47C0107774D212986C63E497EBAF2B2E5A90CD9F350C808B025F2A6519
                                                                                      Malicious:false
                                                                                      Reputation:low
                                                                                      Preview:..[g....
                                                                                      Process:C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):4
                                                                                      Entropy (8bit):0.8112781244591328
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Xln:1
                                                                                      MD5:ED69DFADEF68FC181AAE2D22715A01D6
                                                                                      SHA1:3A9981C3761721792B7702231583758AE5ACF8A7
                                                                                      SHA-256:3EF3BD3D6658C0DFDFDD7AA65E3D92BF1DA9A04678A4ED2A5D84ED824EC91775
                                                                                      SHA-512:B70AF13C96AC7C3AC97C84F9EFC1F38794B190635AB602CE35C8572B9C3597DD1A4ABBFFCCB3AD8AE76CDB247C221168F2D45B7225A56444FF445937921FC318
                                                                                      Malicious:false
                                                                                      Reputation:low
                                                                                      Preview:....
                                                                                      Process:C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):128
                                                                                      Entropy (8bit):2.9012093522336393
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:ObXXXd0AbDBdUBWetxt:Or9Lb3UFx
                                                                                      MD5:679DD163372163CD8FFC24E3C9E758B3
                                                                                      SHA1:F307C14CA65810C8D0238B89B49B2ACD7C5B233B
                                                                                      SHA-256:510EA89D00FA427C33BD67AEEA60D21066976F085959C2AFE1F69411A8CA722D
                                                                                      SHA-512:46C464F15BCE39E28DCD48AF36C424845631D2B48D7E37D7FBBBEE0BC4DF32445A2810E397BF29FCA76C0364B1AA30CC05DCF4D9E799C6C697B49A174560969C
                                                                                      Malicious:false
                                                                                      Preview:12b48997735ce8b4537cf99be74bb62f518d3799011c89eb7c719048e83fac56................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):2560
                                                                                      Entropy (8bit):2.8818118453929262
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
                                                                                      MD5:A69559718AB506675E907FE49DEB71E9
                                                                                      SHA1:BC8F404FFDB1960B50C12FF9413C893B56F2E36F
                                                                                      SHA-256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
                                                                                      SHA-512:E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):6144
                                                                                      Entropy (8bit):4.289297026665552
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:Sv1LfWvPcXegCPUo1vlZQrAxoONfHFZONfH3d1xCWMBFNL2pGSS4k+bkg6j0KHc:wfkcXegaJ/ZAYNzcld1xaX12pfSKvkc
                                                                                      MD5:C8871EFD8AF2CF4D9D42D1FF8FADBF89
                                                                                      SHA1:D0EACD5322C036554D509C7566F0BCC7607209BD
                                                                                      SHA-256:E4FC574A01B272C2D0AED0EC813F6D75212E2A15A5F5C417129DD65D69768F40
                                                                                      SHA-512:2735BB610060F749E26ACD86F2DF2B8A05F2BDD3DCCF3E4B2946EBB21BA0805FB492C474B1EEB2C5B8BF1A421F7C1B8728245F649C644F4A9ECC5BD8770A16F6
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....HP..........#............................@.............................`..............................................................<!.......P.......@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc........P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):23312
                                                                                      Entropy (8bit):4.596242908851566
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                                                                      MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                                                                      SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                                                                      SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                                                                      SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\Desktop\7i6bUvYZ4L.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):705536
                                                                                      Entropy (8bit):6.505787173623696
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:kTPcYn5c/rPx37/zHBA6a5Ueyp2CrIEROlnrNORu4VwRxyF:4PcYn5c/rPx37/zHBA6pDp2mIEi4CRx+
                                                                                      MD5:B4D4F779EA9E1F6AC0828B0B21EE319A
                                                                                      SHA1:7862EA3B0C9EAE8E4E24125D63E5A8DDBC0BF588
                                                                                      SHA-256:422CF23BE87C93223D11DAA8E74C3C8C5AF80C70CD8EFF1F501DA70E612014A6
                                                                                      SHA-512:EC52C6F8B83C5088BE39988F067D93C6A183A95C98B5BBE4119625F7925C3F274F969271722C3171300CF4943D076B0DDD1A6D5ED38EDE849A3976BADC99D065
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................z........................@..............................................@...............................%..................................................................................................................CODE....\y.......z.................. ..`DATA.................~..............@...BSS......................................idata...%.......&..................@....tls.....................................rdata..............................@..P.reloc...... ......................@..P.rsrc...............................@..P.....................P..............@..P........................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):265728
                                                                                      Entropy (8bit):6.4472652154517345
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:Fs7u3JL96d15Y2BmKh678IuYAhN3YCjlgiZioXyLWvCe93rZ5WZOlUmpNJ5mlbb/:e7WJL96d15Y2BmKh678IuYAhN3YCjlgw
                                                                                      MD5:752CA72DE243F44AF2ED3FF023EF826E
                                                                                      SHA1:7B508F6B72BD270A861B368EC9FE4BF55D8D472F
                                                                                      SHA-256:F8196F03F8CBED87A92BA5C1207A9063D4EEBB0C22CA88A279F1AE1B1F1B8196
                                                                                      SHA-512:4E5A7242C25D4BBF9087F813D4BF057432271A0F08580DA8C894B7C290DE9E0CF640F6F616B0B6C6CAD14DC0AFDD2697D2855BA4070270824540BAE835FE8C4A
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..=...........!................`;.......................................P.......................'..............p...o.......d.... .......................0..\.......................................................4............................text...k........................... ..`.rdata..............................@..@.data....9.......0..................@....idata..............................@....rsrc........ ......................@..@.reloc..T....0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):1645320
                                                                                      Entropy (8bit):6.787752063353702
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:Fk18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z98v:FZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+X
                                                                                      MD5:871C903A90C45CA08A9D42803916C3F7
                                                                                      SHA1:D962A12BC15BFB4C505BB63F603CA211588958DB
                                                                                      SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
                                                                                      SHA-512:985B0B8B5E3D96ACFD0514676D9F0C5D2D8F11E31F01ACFA0F7DA9AF3568E12343CA77F541F55EDDA6A0E5C14FE733BDA5DC1C10BB170D40D15B7A60AD000145
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s...7o..7o..7o...L..<o..7o..en...L..$o...L...o...L..6o...L..6o...L..(n...L..6o..Rich7o..................PE..L.....D@...........!.........`.......Q.......`.....p................................................................l...CN..|...x....p...........................s.....8...............................................0............................text...n........................... ..`.data...X...........................@...Shared.......`.......P..............@....rsrc........p... ...`..............@..@.reloc...s..........................@..B................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499712
                                                                                      Entropy (8bit):6.414789978441117
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
                                                                                      MD5:561FA2ABB31DFA8FAB762145F81667C2
                                                                                      SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
                                                                                      SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
                                                                                      SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):348160
                                                                                      Entropy (8bit):6.542655141037356
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
                                                                                      MD5:86F1895AE8C5E8B17D99ECE768A70732
                                                                                      SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
                                                                                      SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
                                                                                      SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):3026876
                                                                                      Entropy (8bit):6.396410269484811
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:OGJsQIyAh4pimPL6X9dqx2GqAOr5T7ptw/b1f3SGOytmg:DxnI39kx2GqAOdTltwz1fBbtd
                                                                                      MD5:6FE1981B30D0AD4BC8435EC5366B8822
                                                                                      SHA1:2EACC297319602C3C77E7949E38B6BB6EC373531
                                                                                      SHA-256:9B10FCDEE748F8AFF3AFAADA45F5C12C07775F22D4C83608673C5DF3EA3B24EC
                                                                                      SHA-512:33B18E01204B921EF33DCEDB631FA7A680C044EB13DCAD0C99FBEB59591FF64EC67575554AF1DF5354562C41E31E10B595AEDBF126054FE6603748D11C82BF38
                                                                                      Malicious:false
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-85UUJ.tmp, Author: Joe Security
                                                                                      Preview:.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................PE..L...".[g.....................(.......]............@..................................h...............................................P..X...............................................................................@............................text...j........................... ..`_abtt_1.............................@..@_actt_1.xd.......0..................@....rsrc........P......................@..@_adtt_1.............................`.+.........................................................................................................................................................................................................................................................................................................................................................................................................................
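Triage of a dropped-files listing like this one can be scripted. The Python below is an added example, not part of the Joe Sandbox report, and works on records in the key:value form used above; its sample text is copied from five of the records on this page (hashes, verdicts and File Type as printed, Previews shortened to their first bytes). It performs three checks worth doing here: the SHA-256 F1DA3218... (the 1645320-byte console DLL, MD5 871C903A...) appears in two records, so the same bytes were written to two paths; the 3026876-byte file whose File Type is "data" still carries the DOS stub text and "PE..L" in its Preview because its first byte is not "M" (the Preview starts ".Z", not "MZ"), so the type sniff fails while the PE header is intact; and files marked Malicious:true with 0% ReversingLabs detection rest on behavioural signals, not scanner hits, and deserve manual review. It also reproduces the "Entropy (8bit)" column as per-byte Shannon entropy. The field names follow the layout above; the PE_MARKERS strings are an assumption about what survives in the Preview column.

```python
import math
import re
from collections import Counter

# Copied from five records in the listing above (Preview truncated).
SAMPLE_RECORDS = """\
Process:C:\\Users\\user\\AppData\\Local\\Temp\\is-RQHGO.tmp\\7i6bUvYZ4L.tmp
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
Malicious:false
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@.........PE..L.....D@....
Process:C:\\Users\\user\\AppData\\Local\\Temp\\is-RQHGO.tmp\\7i6bUvYZ4L.tmp
File Type:data
SHA-256:9B10FCDEE748F8AFF3AFAADA45F5C12C07775F22D4C83608673C5DF3EA3B24EC
Malicious:false
Preview:.Z......................@.......!..L.!This program cannot be run in DOS mode....PE..L...
Process:C:\\Users\\user\\AppData\\Local\\Temp\\is-RQHGO.tmp\\7i6bUvYZ4L.tmp
File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
Malicious:false
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@.........PE..L.....D@....
Process:C:\\Users\\user\\Desktop\\7i6bUvYZ4L.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
SHA-256:422CF23BE87C93223D11DAA8E74C3C8C5AF80C70CD8EFF1F501DA70E612014A6
Malicious:true
• Antivirus: ReversingLabs, Detection: 3%
Preview:MZP.....................@.......PE..L....^B*....
Process:C:\\Users\\user\\AppData\\Local\\Temp\\is-RQHGO.tmp\\7i6bUvYZ4L.tmp
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
SHA-256:5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6
Malicious:true
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@.......PE..L.....L....
"""

# Text expected in the Preview of a PE file (assumption about what the column keeps).
PE_MARKERS = ("This program cannot be run in DOS mode", "PE..L", "PE..d")


def parse_records(text: str) -> list:
    """Split the listing at each 'Process:' line; one 'key:value' per line.
    The AV bullet is folded into an integer 'Detection' percentage."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        if key == "Process":
            current = {}
            records.append(current)
        if current is None:
            continue
        pct = re.search(r"Detection:\s*(\d+)%", value)
        if key.startswith("•") and pct:
            current["Detection"] = int(pct.group(1))
        else:
            current[key] = value.strip()
    return records


def duplicate_drops(records) -> dict:
    """SHA-256 values present in more than one record: identical bytes dropped to several paths."""
    counts = Counter(r["SHA-256"] for r in records if r.get("SHA-256"))
    return {h: n for h, n in counts.items() if n > 1}


def misidentified_pe(records) -> list:
    """Records typed 'data' whose Preview still shows PE text (damaged MZ signature)."""
    return [r["SHA-256"] for r in records
            if r.get("File Type") == "data"
            and any(m in r.get("Preview", "") for m in PE_MARKERS)]


def malicious_without_av(records) -> list:
    """Sandbox verdict Malicious:true with 0% multi-scanner detection: review by hand."""
    return [r["SHA-256"] for r in records
            if r.get("Malicious") == "true" and r.get("Detection") == 0]


def shannon_entropy(data: bytes) -> float:
    """Per-byte Shannon entropy in bits, as in the 'Entropy (8bit)' column (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print("dropped to more than one path:", duplicate_drops(recs))
    print("typed 'data' but PE inside:", misidentified_pe(recs))
    print("Malicious:true with 0% AV:", malicious_without_av(recs))
    print("entropy zeros / all byte values:", shannon_entropy(bytes(256)), shannon_entropy(bytes(range(256))))
```

Run against the full report text, the same parser handles every record on the page; the entropy helper is what to run on the dropped bytes themselves when deciding whether a "data" file is packed (values near 8.0) or merely has a clobbered header (values in the 6.x range, like the 6.39 reported for the 3 MB file).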
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):1645320
                                                                                      Entropy (8bit):6.787752063353702
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:Fk18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z98v:FZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+X
                                                                                      MD5:871C903A90C45CA08A9D42803916C3F7
                                                                                      SHA1:D962A12BC15BFB4C505BB63F603CA211588958DB
                                                                                      SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
                                                                                      SHA-512:985B0B8B5E3D96ACFD0514676D9F0C5D2D8F11E31F01ACFA0F7DA9AF3568E12343CA77F541F55EDDA6A0E5C14FE733BDA5DC1C10BB170D40D15B7A60AD000145
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s...7o..7o..7o...L..<o..7o..en...L..$o...L...o...L..6o...L..6o...L..(n...L..6o..Rich7o..................PE..L.....D@...........!.........`.......Q.......`.....p................................................................l...CN..|...x....p...........................s.....8...............................................0............................text...n........................... ..`.data...X...........................@...Shared.......`.......P..............@....rsrc........p... ...`..............@..@.reloc...s..........................@..B................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):176128
                                                                                      Entropy (8bit):6.204917493416147
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:l9iEoC1+7N9UQV2Mi8NTUU3/EO3h3E9y6GeoPRtsoWhi75MUbvSHQ:l+ssU62Mi8x9P/UVGeQRthMUbvS
                                                                                      MD5:FEC4FF0C2967A05543747E8D552CF9DF
                                                                                      SHA1:B4449DC0DF8C0AFCC9F32776384A6F5B5CEDE20C
                                                                                      SHA-256:5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6
                                                                                      SHA-512:93E3F48CD393314178CBC86F6142D577D5EAAE52B47C4D947DBA4DFB706860B150FF5B0E546CB83114CA44666E9DF6021964D79D064B775A58698DAA9550EF13
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+0.J^..J^..J^.cE...J^..VR..J^..UU..J^.#VP..J^..UT..J^..UZ..J^..kU..J^..kZ..J^..J_..J^..iT..J^..io..J^.gLX..J^._jZ..J^.Rich.J^.................PE..L.....L...........!.....0...@.......'.......@...................................................................... e..k....X..d....`.......................p..p....................................................@...............................text....".......0.................. ..`.rdata...%...@...0...@..............@..@.data...T....p... ...p..............@....rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):645592
                                                                                      Entropy (8bit):6.50414583238337
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                      MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                      SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                      SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                      SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:MS Windows HtmlHelp Data
                                                                                      Category:dropped
                                                                                      Size (bytes):78183
                                                                                      Entropy (8bit):7.692742945771669
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:Bkt2SjEQ3r94YqwyadpL1X6Dtn4afF1VowWb8ZmmUQNk3gNqCLbMsFxJse8hbpmn:mR/CYj9dp5XIyI2b/mY3gNjLbMsOaP
                                                                                      MD5:B1B9E6D43319F6D4E52ED858C5726A97
                                                                                      SHA1:5033047A30CCCF57783C600FD76A6D220021B19D
                                                                                      SHA-256:8003A4A0F9F5DFB62BEFBF81F8C05894B0C1F987ACFC8654A6C6CE02B6213910
                                                                                      SHA-512:E56D6EC9170DEBAC28BB514942F794F73D4C194D04C54EFF9227B6EE3C74BA4FCF239FFF0BB6556DC8B847FA89D382AF206A2C481C41A3510936B0A74192D2C2
                                                                                      Malicious:false
                                                                                      Preview:ITSF....`..........E.......|.{.......".....|.{......."..`...............x.......T.......................g1..............ITSP....T...........................................j..].!......."..T...............PMGLW................/..../#IDXHDR...F.../#ITBITS..../#IVB...N$./#STRINGS.....P./#SYSTEM..N.'./#TOPICS...F.0./#URLSTR...:.t./#URLTBL...v.D./$FIftiMain......1./$OBJINST...z.../$WWAssociativeLinks/..../$WWAssociativeLinks/Property...v../$WWKeywordLinks/..../$WWKeywordLinks/Property...r../After.jpg...4..../Auto-.hhc...^./Auto-Adjustment.htm....?./Auto-BleachTeeth.htm...z.3./Auto-Crop2Plus.htm..U.j./Auto-Emphasis.htm...w.V./Auto-EyeColor.htm...!.../Auto-EyePencil.htm..._.../Auto-EyeShadow.htm...,.3./Auto-GettingStarted.htm....Q./Auto-Lipstick.htm..R.M./Auto-Liquify.htm...-.v./Auto-Menu.htm..S.r./Auto-OrderingInformation.htm...Q.../Auto-Overview.htm..^.$./Auto-Powder.htm......./Auto-Resize.htm..s.b./Auto-Rotation.htm..?.e./Auto-Rouge.htm...=.d./Auto-SkinCare.htm...|.{./Auto-SmartPatchCosmet
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):445440
                                                                                      Entropy (8bit):6.439135831549689
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:sosmML3+OytpWFkCU1wayvT33iiDNmAE27R9sY9kP0O+:soslvJ3RaY9wU
                                                                                      MD5:CAC7E17311797C5471733638C0DC1F01
                                                                                      SHA1:58E0BD1B63525A2955439CB9BE3431CEA7FF1121
                                                                                      SHA-256:19248357ED7CFF72DEAD18B5743BF66C61438D68374BDA59E3B9D444C6F8F505
                                                                                      SHA-512:A677319AC8A2096D95FFC69F22810BD4F083F6BF55B8A77F20D8FB8EE01F2FEE619CE318D1F55C392A8F3A4D635D9285712E2C572E62997014641C36EDC060A2
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*..=...........!.........\......@!....................................... .......................'..........................P.......H.......................l....................................................................................text............................... ..`.rdata..2$.......&..................@..@.data...............................@....idata..............................@....rsrc...H...........................@..@.reloc...&.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):265728
                                                                                      Entropy (8bit):6.4472652154517345
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:Fs7u3JL96d15Y2BmKh678IuYAhN3YCjlgiZioXyLWvCe93rZ5WZOlUmpNJ5mlbb/:e7WJL96d15Y2BmKh678IuYAhN3YCjlgw
                                                                                      MD5:752CA72DE243F44AF2ED3FF023EF826E
                                                                                      SHA1:7B508F6B72BD270A861B368EC9FE4BF55D8D472F
                                                                                      SHA-256:F8196F03F8CBED87A92BA5C1207A9063D4EEBB0C22CA88A279F1AE1B1F1B8196
                                                                                      SHA-512:4E5A7242C25D4BBF9087F813D4BF057432271A0F08580DA8C894B7C290DE9E0CF640F6F616B0B6C6CAD14DC0AFDD2697D2855BA4070270824540BAE835FE8C4A
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..=...........!................`;.......................................P.......................'..............p...o.......d.... .......................0..\.......................................................4............................text...k........................... ..`.rdata..............................@..@.data....9.......0..................@....idata..............................@....rsrc........ ......................@..@.reloc..T....0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):445440
                                                                                      Entropy (8bit):6.439135831549689
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:sosmML3+OytpWFkCU1wayvT33iiDNmAE27R9sY9kP0O+:soslvJ3RaY9wU
                                                                                      MD5:CAC7E17311797C5471733638C0DC1F01
                                                                                      SHA1:58E0BD1B63525A2955439CB9BE3431CEA7FF1121
                                                                                      SHA-256:19248357ED7CFF72DEAD18B5743BF66C61438D68374BDA59E3B9D444C6F8F505
                                                                                      SHA-512:A677319AC8A2096D95FFC69F22810BD4F083F6BF55B8A77F20D8FB8EE01F2FEE619CE318D1F55C392A8F3A4D635D9285712E2C572E62997014641C36EDC060A2
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*..=...........!.........\......@!....................................... .......................'..........................P.......H.......................l....................................................................................text............................... ..`.rdata..2$.......&..................@..@.data...............................@....idata..............................@....rsrc...H...........................@..@.reloc...&.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):499712
                                                                                      Entropy (8bit):6.414789978441117
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
                                                                                      MD5:561FA2ABB31DFA8FAB762145F81667C2
                                                                                      SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
                                                                                      SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
                                                                                      SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):348160
                                                                                      Entropy (8bit):6.542655141037356
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
                                                                                      MD5:86F1895AE8C5E8B17D99ECE768A70732
                                                                                      SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
                                                                                      SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
                                                                                      SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):645592
                                                                                      Entropy (8bit):6.50414583238337
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                      MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                      SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                      SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                      SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):716789
                                                                                      Entropy (8bit):6.514245354995985
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:sTPcYn5c/rPx37/zHBA6a5Ueyp2CrIEROlnrNORu4VwRxyFJ:wPcYn5c/rPx37/zHBA6pDp2mIEi4CRxe
                                                                                      MD5:DAE3749FEB9FFE7F74FB1BFF7A3B0922
                                                                                      SHA1:CA65A423D082614D9A4740A4C7F05B60083D409D
                                                                                      SHA-256:64A62CC1B82D79E62FAA3487D07B780EA8D7C3779139AAB969E257708677E2B4
                                                                                      SHA-512:3A58EDA117AA1B1CF1CDDC8B46900D7868375475665554FAF7F06F9C222AE2AD8EEBA211A31F51F16FBB08A7AA6C812F8B7937D6E9682F59B8B8A03AE58766FF
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................z........................@..............................................@...............................%..................................................................................................................CODE....\y.......z.................. ..`DATA.................~..............@...BSS......................................idata...%.......&..................@....tls.....................................rdata..............................@..P.reloc...... ......................@..P.rsrc...............................@..P.....................P..............@..P........................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:InnoSetup Log Video Minimizer, version 0x30, 4844 bytes, 841618\user, "C:\Users\user\AppData\Local\Video Minimizer 1.77"
                                                                                      Category:dropped
                                                                                      Size (bytes):4844
                                                                                      Entropy (8bit):4.7742957203181104
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:lcZyPtW8j289pkcZamn9e+eOIhEsa7ICSss/Lnmv4LPHNMOqtGEC9S:btW8iapkcpNHIh4ICSsAnzG
                                                                                      MD5:8635D494F011029EEDCD71D83F1238E0
                                                                                      SHA1:DB9F630A0D887FDA1E04E4E2DDC1EC051C65D1F6
                                                                                      SHA-256:0D97160E15DCB98AD37D83A649667E3EEDF3D160232952CC9FD285293A293232
                                                                                      SHA-512:3F9E57AE44F7B9065143A82EAD0D0E0302F2425845FAE376A7A6C0122577A926089784A975555D11EC017E984971D9CBA6723DED23C7F79E00A4222F16A6EF53
                                                                                      Malicious:false
                                                                                      Preview:Inno Setup Uninstall Log (b)....................................Video Minimizer.................................................................................................................Video Minimizer.................................................................................................................0...........%...............................................................................................................i..%........XQr(......S....841618.user2C:\Users\user\AppData\Local\Video Minimizer 1.77.........../...... ............IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess........%...dll:Use
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):716789
                                                                                      Entropy (8bit):6.514245354995985
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:sTPcYn5c/rPx37/zHBA6a5Ueyp2CrIEROlnrNORu4VwRxyFJ:wPcYn5c/rPx37/zHBA6pDp2mIEi4CRxe
                                                                                      MD5:DAE3749FEB9FFE7F74FB1BFF7A3B0922
                                                                                      SHA1:CA65A423D082614D9A4740A4C7F05B60083D409D
                                                                                      SHA-256:64A62CC1B82D79E62FAA3487D07B780EA8D7C3779139AAB969E257708677E2B4
                                                                                      SHA-512:3A58EDA117AA1B1CF1CDDC8B46900D7868375475665554FAF7F06F9C222AE2AD8EEBA211A31F51F16FBB08A7AA6C812F8B7937D6E9682F59B8B8A03AE58766FF
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                      Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................z........................@..............................................@...............................%..................................................................................................................CODE....\y.......z.................. ..`DATA.................~..............@...BSS......................................idata...%.......&..................@....tls.....................................rdata..............................@..P.reloc...... ......................@..P.rsrc...............................@..P.....................P..............@..P........................................................................................................................................
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:MS Windows HtmlHelp Data
                                                                                      Category:dropped
                                                                                      Size (bytes):78183
                                                                                      Entropy (8bit):7.692742945771669
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:Bkt2SjEQ3r94YqwyadpL1X6Dtn4afF1VowWb8ZmmUQNk3gNqCLbMsFxJse8hbpmn:mR/CYj9dp5XIyI2b/mY3gNjLbMsOaP
                                                                                      MD5:B1B9E6D43319F6D4E52ED858C5726A97
                                                                                      SHA1:5033047A30CCCF57783C600FD76A6D220021B19D
                                                                                      SHA-256:8003A4A0F9F5DFB62BEFBF81F8C05894B0C1F987ACFC8654A6C6CE02B6213910
                                                                                      SHA-512:E56D6EC9170DEBAC28BB514942F794F73D4C194D04C54EFF9227B6EE3C74BA4FCF239FFF0BB6556DC8B847FA89D382AF206A2C481C41A3510936B0A74192D2C2
                                                                                      Malicious:false
                                                                                      Preview:ITSF....`..........E.......|.{.......".....|.{......."..`...............x.......T.......................g1..............ITSP....T...........................................j..].!......."..T...............PMGLW................/..../#IDXHDR...F.../#ITBITS..../#IVB...N$./#STRINGS.....P./#SYSTEM..N.'./#TOPICS...F.0./#URLSTR...:.t./#URLTBL...v.D./$FIftiMain......1./$OBJINST...z.../$WWAssociativeLinks/..../$WWAssociativeLinks/Property...v../$WWKeywordLinks/..../$WWKeywordLinks/Property...r../After.jpg...4..../Auto-.hhc...^./Auto-Adjustment.htm....?./Auto-BleachTeeth.htm...z.3./Auto-Crop2Plus.htm..U.j./Auto-Emphasis.htm...w.V./Auto-EyeColor.htm...!.../Auto-EyePencil.htm..._.../Auto-EyeShadow.htm...,.3./Auto-GettingStarted.htm....Q./Auto-Lipstick.htm..R.M./Auto-Liquify.htm...-.v./Auto-Menu.htm..S.r./Auto-OrderingInformation.htm...Q.../Auto-Overview.htm..^.$./Auto-Powder.htm......./Auto-Resize.htm..s.b./Auto-Rotation.htm..?.e./Auto-Rouge.htm...=.d./Auto-SkinCare.htm...|.{./Auto-SmartPatchCosmet
                                                                                      Process:C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):176128
                                                                                      Entropy (8bit):6.204917493416147
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:l9iEoC1+7N9UQV2Mi8NTUU3/EO3h3E9y6GeoPRtsoWhi75MUbvSHQ:l+ssU62Mi8x9P/UVGeQRthMUbvS
                                                                                      MD5:FEC4FF0C2967A05543747E8D552CF9DF
                                                                                      SHA1:B4449DC0DF8C0AFCC9F32776384A6F5B5CEDE20C
                                                                                      SHA-256:5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6
                                                                                      SHA-512:93E3F48CD393314178CBC86F6142D577D5EAAE52B47C4D947DBA4DFB706860B150FF5B0E546CB83114CA44666E9DF6021964D79D064B775A58698DAA9550EF13
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+0.J^..J^..J^.cE...J^..VR..J^..UU..J^.#VP..J^..UT..J^..UZ..J^..kU..J^..kZ..J^..J_..J^..iT..J^..io..J^.gLX..J^._jZ..J^.Rich.J^.................PE..L.....L...........!.....0...@.......'.......@...................................................................... e..k....X..d....`.......................p..p....................................................@...............................text....".......0.................. ..`.rdata...%...@...0...@..............@..@.data...T....p... ...p..............@....rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................
Process: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: modified
Size (bytes): 3026876
Entropy (8bit): 6.3964107364640705
Encrypted: false
SSDEEP: 49152:NGJsQIyAh4pimPL6X9dqx2GqAOr5T7ptw/b1f3SGOytmg:IxnI39kx2GqAOdTltwz1fBbtd
MD5: 5FD3D7BFE29EF3FB62C34886D452C6B9
SHA1: 378812DC2C3E9DD22AB203C8AD35E1172BA83B1E
SHA-256: BF9E1E519218C12AE4048225F3BBA82CCCF88BD26BE28DEFEE0187E09B08353E
SHA-512: EDF4866BF09280BD0C09454F9EC0FBA79E596C8B4042F63B3AE578C8836DF2A9BF48676B218CFB3027B14C31E28731EEBD979E437E3726391A04EA611C72126B
Malicious: true
Yara Hits:
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe, Author: Joe Security
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 50%
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.998217712290572
TrID:
• Win32 Executable (generic) a (10002005/4) 98.86%
• Inno Setup installer (109748/4) 1.08%
• Win16/32 Executable Delphi generic (2074/23) 0.02%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
File name: 7i6bUvYZ4L.exe
File size: 3'885'247 bytes
MD5: 2a1f95489de624041b9216bacef3816a
SHA1: bc606b762ce292b49f07f36689954bc945274bbf
SHA256: 2ddae2d8fda665c0136ba3afc04fdc81221e8ea9fda67bc8676728691d6434b5
SHA512: 7aff0b88c92617b7cab90b048ee84f75bac6b751fc3ce83912aaef0fb6e13bafa2bfc6f76ff2951e4963f3bbba4583cf184e0c2700f79e50b619ae4cfccc9106
SSDEEP: 98304:Iv266kKymLt4yq1tKqdvHF5txe06BNkyl226WiA4P0wcqN/q2:wIKmGRLbe06BN3lh6uxwcq7
TLSH: 3F063300BBD98A76D51A9EB8FD3BE95148723C022F30766261CD2D924FBD5A1D113BB3
File Content Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
Icon Hash: 2d2e3797b32b2b99
Entrypoint: 0x409c40
Entrypoint Section: CODE
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 1
OS Version Minor: 0
File Version Major: 1
File Version Minor: 0
Subsystem Version Major: 1
Subsystem Version Minor: 0
Import Hash: 884310b1928934402ea6fec1dbd3cf5e
Instruction (entrypoint disassembly):
push ebp
mov ebp, esp
add esp, FFFFFFC4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-10h], eax
mov dword ptr [ebp-24h], eax
call 00007F45D8C482ABh
call 00007F45D8C494B2h
call 00007F45D8C49741h
call 00007F45D8C497E4h
call 00007F45D8C4B783h
call 00007F45D8C4E0EEh
call 00007F45D8C4E255h
xor eax, eax
push ebp
push 0040A2FCh
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 0040A2C5h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [0040C014h]
call 00007F45D8C4ECBBh
call 00007F45D8C4E8EEh
lea edx, dword ptr [ebp-10h]
xor eax, eax
call 00007F45D8C4BDA8h
mov edx, dword ptr [ebp-10h]
mov eax, 0040CE24h
call 00007F45D8C48357h
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [0040CE24h]
mov dl, 01h
mov eax, 0040738Ch
call 00007F45D8C4C637h
mov dword ptr [0040CE28h], eax
xor edx, edx
push ebp
push 0040A27Dh
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007F45D8C4ED2Bh
mov dword ptr [0040CE30h], eax
mov eax, dword ptr [0040CE30h]
cmp dword ptr [eax+0Ch], 01h
jne 00007F45D8C4EE6Ah
mov eax, dword ptr [0040CE30h]
mov edx, 00000028h
call 00007F45D8C4CA38h
mov edx, dword ptr [00000030h]
Name | Virtual Address | Virtual Size | Is in Section
--- | --- | --- | ---
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd000 | 0x950 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0x2c00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xf000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
--- | --- | --- | --- | --- | --- | --- | --- | --- | ---
CODE | 0x1000 | 0x9364 | 0x9400 | e8a38c5eb0d717d3fb478c7e19f20477 | False | 0.6147856841216216 | data | 6.563139352016593 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0xb000 | 0x24c | 0x400 | 5d98c64569668b0235ae89005918165a | False | 0.3046875 | data | 2.7373065622921344 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0xc000 | 0xe88 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xd000 | 0x950 | 0xa00 | bb5485bf968b970e5ea81292af2acdba | False | 0.414453125 | data | 4.430733069799036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xe000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xf000 | 0x18 | 0x200 | 9ba824905bf9c7922b6fc87a38b74366 | False | 0.052734375 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0x10000 | 0x8b4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0x11000 | 0x2c00 | 0x2c00 | 0241a1109f6587795a81a3e4d7069c33 | False | 0.3259055397727273 | data | 4.4988307209152785 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
--- | --- | --- | --- | --- | --- | ---
RT_ICON | 0x11354 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675
RT_ICON | 0x1147c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179
RT_ICON | 0x119e4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548
RT_ICON | 0x11ccc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516
RT_STRING | 0x12574 | 0x2f2 | data | | | 0.35543766578249336
RT_STRING | 0x12868 | 0x30c | data | | | 0.3871794871794872
RT_STRING | 0x12b74 | 0x2ce | data | | | 0.42618384401114207
RT_STRING | 0x12e44 | 0x68 | data | | | 0.75
RT_STRING | 0x12eac | 0xb4 | data | | | 0.6277777777777778
RT_STRING | 0x12f60 | 0xae | data | | | 0.5344827586206896
RT_RCDATA | 0x13010 | 0x2c | data | | | 1.1818181818181819
RT_GROUP_ICON | 0x1303c | 0x3e | data | English | United States | 0.8387096774193549
RT_VERSION | 0x1307c | 0x4b8 | COM executable for DOS | English | United States | 0.2740066225165563
RT_MANIFEST | 0x13534 | 0x5a4 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.42590027700831024
DLL | Import
--- | ---
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
user32.dll | MessageBoxA
oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
comctl32.dll | InitCommonControls
advapi32.dll | AdjustTokenPrivileges
Language of compilation system | Country where language is spoken
--- | ---
Dutch | Netherlands
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
--- | --- | --- | --- | --- | --- | --- | --- | ---
2024-12-13T07:48:02.706192+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49788 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:03.498642+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49788 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:08.411237+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49801 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:09.126710+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49801 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:10.711724+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49807 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:11.395663+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49807 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:13.287990+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49817 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:13.972030+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49817 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:15.538444+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49824 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:16.226782+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49824 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:17.790699+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49830 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:18.481630+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49830 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:20.079064+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49837 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:20.783681+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49837 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:22.360695+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49843 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:23.042386+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49843 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:24.812984+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49849 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:25.510100+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49849 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:27.281540+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49855 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:27.970392+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49855 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:29.564492+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49861 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:30.246401+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49861 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:31.832673+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49867 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:32.514205+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49867 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:34.300091+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49873 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:34.981559+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49873 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:36.557153+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49879 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:37.242885+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49879 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:38.998838+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49885 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:39.681829+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49885 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:41.433801+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49891 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:42.116378+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49891 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:43.681731+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49897 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:44.364047+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49897 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:45.932501+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49903 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:46.609426+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49903 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:48.218492+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49909 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:48.900934+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49909 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:50.655298+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49917 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:51.338712+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49917 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:53.421551+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49925 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:54.109422+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49925 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:55.753506+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49931 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:56.437089+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49931 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:58.006039+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49937 | 188.119.66.185 | 443 | TCP
2024-12-13T07:48:58.728588+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49937 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:00.288962+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49943 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:00.974599+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49943 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:02.555384+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49949 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:03.336156+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49949 | 188.119.66.185 | 443 | TCP
2024-12-13T07:49:05.183337+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.5 | 49955 | 188.119.66.185 | 443 | TCP
                                                                                      2024-12-13T07:49:05.869130+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549955188.119.66.185443TCP
                                                                                      2024-12-13T07:49:07.456918+01002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.549962188.119.66.185443TCP
                                                                                      2024-12-13T07:49:08.139068+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549962188.119.66.185443TCP
                                                                                      2024-12-13T07:49:09.941935+01002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.549968188.119.66.185443TCP
                                                                                      2024-12-13T07:49:10.924857+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549968188.119.66.185443TCP
                                                                                      2024-12-13T07:49:12.694124+01002028765ET JA3 Hash - [Abuse.ch] Possible Dridex3192.168.2.549975188.119.66.185443TCP
                                                                                      2024-12-13T07:49:13.375157+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549975188.119.66.185443TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                      Dec 13, 2024 07:48:27.971043110 CET44349855188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:28.087821960 CET49861443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:28.087938070 CET44349861188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:28.088047028 CET49861443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:28.088309050 CET49861443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:28.088346958 CET44349861188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:29.562737942 CET44349861188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:29.564491987 CET49861443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:29.568145990 CET49861443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:29.568176985 CET44349861188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:29.568416119 CET49861443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:29.568429947 CET44349861188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:30.246495962 CET44349861188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:30.246623039 CET49861443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:30.246671915 CET44349861188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:30.246710062 CET44349861188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:30.246737957 CET49861443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:30.246771097 CET49861443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:30.246874094 CET49861443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:30.246901989 CET44349861188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:30.369178057 CET49867443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:30.369227886 CET44349867188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:30.369333982 CET49867443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:30.369791985 CET49867443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:30.369817972 CET44349867188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:31.832600117 CET44349867188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:31.832673073 CET49867443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:31.833312035 CET49867443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:31.833321095 CET44349867188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:31.833653927 CET49867443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:31.833657980 CET44349867188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:32.514231920 CET44349867188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:32.514319897 CET44349867188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:32.514413118 CET49867443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:32.514617920 CET49867443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:32.514831066 CET49867443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:32.514849901 CET44349867188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:32.640703917 CET49873443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:32.640749931 CET44349873188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:32.640820026 CET49873443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:32.641285896 CET49873443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:32.641304016 CET44349873188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:34.299936056 CET44349873188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:34.300091028 CET49873443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:34.300682068 CET49873443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:34.300692081 CET44349873188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:34.301037073 CET49873443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:34.301042080 CET44349873188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:34.981554985 CET44349873188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:34.981643915 CET44349873188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:34.981867075 CET49873443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:34.982419014 CET49873443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:34.982436895 CET44349873188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:35.103485107 CET49879443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:35.103528976 CET44349879188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:35.104540110 CET49879443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:35.104540110 CET49879443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:35.104578972 CET44349879188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:36.557073116 CET44349879188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:36.557152987 CET49879443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:36.558223963 CET49879443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:36.558223963 CET49879443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:36.558238029 CET44349879188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:36.558265924 CET44349879188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:37.242903948 CET44349879188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:37.242974997 CET44349879188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:37.243043900 CET49879443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:37.243067980 CET49879443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:37.243253946 CET49879443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:37.243268967 CET44349879188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:37.353743076 CET49885443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:37.353809118 CET44349885188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:37.353889942 CET49885443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:37.354196072 CET49885443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:37.354212999 CET44349885188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:38.998716116 CET44349885188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:38.998837948 CET49885443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:38.999536037 CET49885443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:38.999547005 CET44349885188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:38.999747992 CET49885443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:38.999753952 CET44349885188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:39.681840897 CET44349885188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:39.681929111 CET44349885188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:39.681974888 CET49885443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:39.682014942 CET49885443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:39.682266951 CET49885443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:39.682291031 CET44349885188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:39.791251898 CET49891443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:39.791300058 CET44349891188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:39.791378975 CET49891443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:39.791733980 CET49891443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:39.791749001 CET44349891188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:41.433479071 CET44349891188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:41.433800936 CET49891443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:41.434448004 CET49891443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:41.434456110 CET44349891188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:41.434499025 CET49891443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:41.434504986 CET44349891188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:42.116450071 CET44349891188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:42.116589069 CET49891443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:42.116604090 CET44349891188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:42.116622925 CET44349891188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:42.116692066 CET49891443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:42.116692066 CET49891443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:42.116887093 CET49891443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:42.116902113 CET44349891188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:42.228401899 CET49897443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:42.228447914 CET44349897188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:42.228599072 CET49897443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:42.228913069 CET49897443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:42.228931904 CET44349897188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:43.681653023 CET44349897188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:43.681730986 CET49897443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:43.682334900 CET49897443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:43.682342052 CET44349897188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:43.684292078 CET49897443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:43.684299946 CET44349897188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:44.364082098 CET44349897188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:44.364162922 CET44349897188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:44.364288092 CET49897443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:44.364526987 CET49897443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:44.364546061 CET44349897188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:44.478410959 CET49903443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:44.478446960 CET44349903188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:44.478535891 CET49903443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:44.478874922 CET49903443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:44.478888988 CET44349903188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:45.928992987 CET44349903188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:45.932501078 CET49903443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:45.932986021 CET49903443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:45.933003902 CET44349903188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:45.933204889 CET49903443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:45.933212042 CET44349903188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:46.609437943 CET44349903188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:46.609524012 CET49903443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:46.609544039 CET44349903188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:46.609601974 CET49903443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:46.609841108 CET49903443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:46.609868050 CET44349903188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:46.734049082 CET49909443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:46.734155893 CET44349909188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:46.734252930 CET49909443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:46.734724998 CET49909443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:46.734761000 CET44349909188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:48.218323946 CET44349909188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:48.218492031 CET49909443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:48.219167948 CET49909443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:48.219189882 CET44349909188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:48.219358921 CET49909443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:48.219367981 CET44349909188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:48.900976896 CET44349909188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:48.901024103 CET44349909188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:48.901082039 CET49909443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:48.901118040 CET49909443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:48.901356936 CET49909443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:48.901377916 CET44349909188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:49.009665966 CET49917443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:49.009722948 CET44349917188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:49.009800911 CET49917443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:49.010081053 CET49917443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:49.010094881 CET44349917188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:50.655214071 CET44349917188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:50.655297995 CET49917443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:50.655824900 CET49917443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:50.655831099 CET44349917188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:50.656008005 CET49917443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:50.656013966 CET44349917188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:51.338512897 CET44349917188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:51.338586092 CET44349917188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:51.338622093 CET49917443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:51.338664055 CET49917443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:51.338901043 CET49917443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:51.338924885 CET44349917188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:51.462549925 CET49925443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:51.462610960 CET44349925188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:51.462697029 CET49925443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:51.462997913 CET49925443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:51.463020086 CET44349925188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:53.421412945 CET44349925188.119.66.185192.168.2.5
                                                                                      Dec 13, 2024 07:48:53.421550989 CET49925443192.168.2.5188.119.66.185
                                                                                      Dec 13, 2024 07:48:53.422151089 CET49925443192.168.2.5188.119.66.185
Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 13, 2024 07:48:53.422167063 CET	443	49925	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:53.422388077 CET	49925	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:53.422394037 CET	443	49925	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:54.109460115 CET	443	49925	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:54.109549046 CET	443	49925	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:54.109617949 CET	49925	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:54.109657049 CET	49925	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:54.110003948 CET	49925	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:54.110021114 CET	443	49925	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:54.228400946 CET	49931	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:54.228456974 CET	443	49931	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:54.228528023 CET	49931	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:54.228858948 CET	49931	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:54.228878021 CET	443	49931	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:55.753338099 CET	443	49931	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:55.753505945 CET	49931	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:55.754374027 CET	49931	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:55.754381895 CET	443	49931	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:55.754828930 CET	49931	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:55.754834890 CET	443	49931	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:56.437146902 CET	443	49931	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:56.437227011 CET	443	49931	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:56.437308073 CET	49931	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:56.437351942 CET	49931	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:56.437664032 CET	49931	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:56.437686920 CET	443	49931	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:56.556550980 CET	49937	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:56.556610107 CET	443	49937	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:56.556813002 CET	49937	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:56.557071924 CET	49937	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:56.557089090 CET	443	49937	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:58.005938053 CET	443	49937	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:58.006038904 CET	49937	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:58.006628036 CET	49937	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:58.006635904 CET	443	49937	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:58.006802082 CET	49937	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:58.006807089 CET	443	49937	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:58.728569031 CET	443	49937	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:58.728643894 CET	49937	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:58.728653908 CET	443	49937	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:58.728667021 CET	443	49937	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:58.728713036 CET	49937	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:58.728729010 CET	49937	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:58.728997946 CET	49937	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:58.729013920 CET	443	49937	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:58.837809086 CET	49943	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:58.837853909 CET	443	49943	188.119.66.185	192.168.2.5
Dec 13, 2024 07:48:58.837969065 CET	49943	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:58.839337111 CET	49943	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:48:58.839354038 CET	443	49943	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:00.288871050 CET	443	49943	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:00.288961887 CET	49943	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:00.289542913 CET	49943	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:00.289558887 CET	443	49943	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:00.289774895 CET	49943	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:00.289781094 CET	443	49943	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:00.974617004 CET	443	49943	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:00.974688053 CET	443	49943	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:00.974855900 CET	49943	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:00.974855900 CET	49943	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:00.975119114 CET	49943	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:00.975132942 CET	443	49943	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:01.103544950 CET	49949	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:01.103602886 CET	443	49949	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:01.103677034 CET	49949	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:01.104022980 CET	49949	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:01.104038000 CET	443	49949	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:02.555233002 CET	443	49949	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:02.555383921 CET	49949	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:02.555983067 CET	49949	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:02.556009054 CET	443	49949	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:02.556236029 CET	49949	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:02.556246996 CET	443	49949	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:03.336195946 CET	443	49949	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:03.336265087 CET	443	49949	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:03.336314917 CET	49949	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:03.336340904 CET	49949	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:03.364650965 CET	49949	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:03.364670992 CET	443	49949	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:03.542634964 CET	49955	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:03.542665958 CET	443	49955	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:03.542783976 CET	49955	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:03.545366049 CET	49955	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:03.545377970 CET	443	49955	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:05.182899952 CET	443	49955	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:05.183336973 CET	49955	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:05.185086012 CET	49955	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:05.185103893 CET	443	49955	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:05.186589956 CET	49955	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:05.186594963 CET	443	49955	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:05.869159937 CET	443	49955	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:05.869324923 CET	443	49955	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:05.869571924 CET	49955	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:05.869719982 CET	49955	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:05.869746923 CET	443	49955	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:05.997312069 CET	49962	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:05.997371912 CET	443	49962	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:05.997443914 CET	49962	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:05.997771025 CET	49962	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:05.997791052 CET	443	49962	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:07.456820965 CET	443	49962	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:07.456918001 CET	49962	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:07.457572937 CET	49962	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:07.457580090 CET	443	49962	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:07.459472895 CET	49962	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:07.459482908 CET	443	49962	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:08.139087915 CET	443	49962	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:08.139163971 CET	49962	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:08.139183044 CET	443	49962	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:08.139228106 CET	49962	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:08.139328957 CET	443	49962	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:08.139389992 CET	49962	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:08.139533043 CET	49962	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:08.139553070 CET	443	49962	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:08.262521982 CET	49968	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:08.262562990 CET	443	49968	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:08.262634993 CET	49968	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:08.262964010 CET	49968	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:08.262979984 CET	443	49968	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:09.935558081 CET	443	49968	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:09.941935062 CET	49968	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:10.343553066 CET	49968	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:10.343573093 CET	443	49968	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:10.347445965 CET	49968	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:10.347464085 CET	443	49968	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:10.924909115 CET	443	49968	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:10.924978971 CET	49968	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:10.924997091 CET	443	49968	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:10.925012112 CET	443	49968	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:10.925060034 CET	49968	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:10.925187111 CET	49968	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:10.925246000 CET	49968	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:10.925267935 CET	443	49968	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:11.043534040 CET	49975	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:11.043654919 CET	443	49975	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:11.043840885 CET	49975	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:11.044125080 CET	49975	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:11.044167042 CET	443	49975	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:12.693907976 CET	443	49975	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:12.694123983 CET	49975	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:12.694925070 CET	49975	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:12.694957018 CET	443	49975	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:12.697356939 CET	49975	443	192.168.2.5	188.119.66.185
Dec 13, 2024 07:49:12.697374105 CET	443	49975	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:13.375185966 CET	443	49975	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:13.375250101 CET	443	49975	188.119.66.185	192.168.2.5
Dec 13, 2024 07:49:13.375405073 CET	49975	443	192.168.2.5	188.119.66.185
• 188.119.66.185
Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49788	188.119.66.185	443	1440	C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp	Bytes transferred	Direction	Data
2024-12-13 06:48:02 UTC	283	OUT	GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b82a8dcd6c946851e300888b3250aa15d005633775b0e650f7ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda33231bd73884 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:03 UTC	200	IN	HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:03 UTC	846	IN	Data Raw: 33 34 32 0d 0a 38 62 37 32 33 63 36 38 65 65 31 38 34 30 33 63 36 36 30 66 62 66 65 30 33 38 34 63 32 37 62 36 62 63 38 66 38 30 32 32 34 63 62 64 33 62 63 31 39 30 32 34 39 66 37 65 31 36 66 65 30 34 64 64 65 37 36 37 34 62 62 33 35 63 38 64 31 65 33 66 37 38 37 61 61 30 61 66 30 64 39 62 66 35 30 31 64 32 39 61 62 31 63 61 32 39 37 34 64 34 66 34 34 63 63 34 39 35 66 62 35 32 64 31 64 34 39 35 35 34 61 63 62 36 66 34 63 61 30 61 30 32 63 35 63 38 30 32 31 38 63 30 33 32 32 36 31 30 63 64 33 39 38 63 64 65 64 33 39 34 35 64 34 38 63 32 37 31 33 35 66 66 63 33 30 34 35 35 36 63 30 65 37 30 63 38 66 30 30 61 37 32 62 63 66 39 35 61 61 65 65 65 65 62 35 39 61 62 37 37 63 33 64 34 32 30 66 64 66 32 64 38 65 64 34 64 30 65 38 65 35 38 39 33 33 34 61 65 33 34
Data Ascii: 3428b723c68ee18403c660fbfe0384c27b6bc8f80224cbd3bc190249f7e16fe04dde7674bb35c8d1e3f787aa0af0d9bf501d29ab1ca2974d4f44cc495fb52d1d49554acb6f4ca0a02c5c80218c0322610cd398cded3945d48c27135ffc304556c0e70c8f00a72bcf95aaeeeeb59ab77c3d420fdf2d8ed4d0e8e589334ae34


Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49801	188.119.66.185	443	1440	C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp	Bytes transferred	Direction	Data
2024-12-13 06:48:08 UTC	291	OUT	GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:09 UTC	200	IN	HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:09 UTC	24	IN	Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49807	188.119.66.185	443	1440	C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp	Bytes transferred	Direction	Data
2024-12-13 06:48:10 UTC	291	OUT	GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:11 UTC	200	IN	HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:11 UTC	702	IN	Data Raw: 32 62 32 0d 0a 38 62 37 32 32 61 37 37 65 34 31 66 35 35 32 63 33 34 34 38 61 33 65 34 36 64 32 30 37 66 65 38 62 33 38 63 38 35 33 66 35 33 62 39 33 61 64 66 38 63 32 35 39 61 36 38 35 39 62 64 34 36 38 66 38 39 32 34 30 63 65 61 31 33 64 37 31 32 33 64 37 30 32 63 65 33 66 35 35 34 66 36 61 35 35 66 64 36 39 38 62 61 63 38 33 37 37 35 64 32 66 66 35 33 63 34 39 30 65 35 34 65 64 37 64 31 38 31 35 37 61 39 62 35 65 61 63 35 30 64 30 39 63 32 64 36 30 35 31 65 64 35 33 32 32 37 31 63 63 64 33 31 38 34 64 35 63 63 39 35 35 61 35 36 63 38 37 30 33 64 66 33 64 63 30 36 35 35 36 66 31 62 37 33 63 65 66 36 30 61 37 37 62 31 66 32 34 31 61 66 65 39 66 35 35 33 61 61 37 63 63 63 63 62 32 31 66 35 66 33 63 64 65 64 34 62 31 33 39 31 35 39 39 64 33 63 62 31 33 35
Data Ascii: 2b28b722a77e41f552c3448a3e46d207fe8b38c853f53b93adf8c259a6859bd468f89240cea13d7123d702ce3f554f6a55fd698bac83775d2ff53c490e54ed7d18157a9b5eac50d09c2d6051ed532271ccd3184d5cc955a56c8703df3dc06556f1b73cef60a77b1f241afe9f553aa7ccccb21f5f3cded4b1391599d3cb135


Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49817	188.119.66.185	443	1440	C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp	Bytes transferred	Direction	Data
2024-12-13 06:48:13 UTC	291	OUT	GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:13 UTC	200	IN	HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:13 UTC	24	IN	Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49824	188.119.66.185	443	1440	C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp	Bytes transferred	Direction	Data
2024-12-13 06:48:15 UTC	291	OUT	GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:16 UTC	200	IN	HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:16 UTC	24	IN	Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49830 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:17 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:18 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:18 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49837 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:20 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:20 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:20 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49843 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:22 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:23 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:23 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49849 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:24 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:25 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:25 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49855 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:27 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:27 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:27 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49861 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:29 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:30 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:30 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49867 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:31 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:32 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:32 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49873 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:34 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:34 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:34 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49879 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:36 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:37 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:37 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49885 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:38 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:39 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:39 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49891 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:41 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:42 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:42 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49897 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:43 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:44 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:44 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49903 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:45 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:46 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:46 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49909 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:48 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 06:48:48 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 06:48:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 06:48:48 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49917 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:50 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
  Host: 188.119.66.185
2024-12-13 06:48:51 UTC | 200 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 13 Dec 2024 06:48:51 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Powered-By: PHP/7.4.33
2024-12-13 06:48:51 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
  Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49925 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:53 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
  Host: 188.119.66.185
2024-12-13 06:48:54 UTC | 200 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 13 Dec 2024 06:48:53 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Powered-By: PHP/7.4.33
2024-12-13 06:48:54 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
  Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49931 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:55 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
  Host: 188.119.66.185
2024-12-13 06:48:56 UTC | 200 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 13 Dec 2024 06:48:56 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Powered-By: PHP/7.4.33
2024-12-13 06:48:56 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
  Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49937 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:48:58 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
  Host: 188.119.66.185
2024-12-13 06:48:58 UTC | 200 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 13 Dec 2024 06:48:58 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Powered-By: PHP/7.4.33
2024-12-13 06:48:58 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
  Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49943 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:49:00 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
  Host: 188.119.66.185
2024-12-13 06:49:00 UTC | 200 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 13 Dec 2024 06:49:00 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Powered-By: PHP/7.4.33
2024-12-13 06:49:00 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
  Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49949 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:49:02 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
  Host: 188.119.66.185
2024-12-13 06:49:03 UTC | 200 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 13 Dec 2024 06:49:03 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Powered-By: PHP/7.4.33
2024-12-13 06:49:03 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
  Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49955 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:49:05 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
  Host: 188.119.66.185
2024-12-13 06:49:05 UTC | 200 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 13 Dec 2024 06:49:05 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Powered-By: PHP/7.4.33
2024-12-13 06:49:05 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
  Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49962 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:49:07 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
  Host: 188.119.66.185
2024-12-13 06:49:08 UTC | 200 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 13 Dec 2024 06:49:07 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Powered-By: PHP/7.4.33
2024-12-13 06:49:08 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
  Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49968 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:49:10 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
  Host: 188.119.66.185
2024-12-13 06:49:10 UTC | 200 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 13 Dec 2024 06:49:10 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Powered-By: PHP/7.4.33
2024-12-13 06:49:10 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
  Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 49975 | 188.119.66.185 | 443 | 1440 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-13 06:49:12 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae115416b731ce2a8231e72eee7c4db7e40b92a8dcd6c946a4fbd41879e7c4ce71bc34f7f632ef3b70caaf94cda9ba6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd6d69c55 HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
  Host: 188.119.66.185
2024-12-13 06:49:13 UTC | 200 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 13 Dec 2024 06:49:13 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Powered-By: PHP/7.4.33
2024-12-13 06:49:13 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
  Data Ascii: e8b723663ec13250


Target ID: 0
Start time: 01:47:06
Start date: 13/12/2024
Path: C:\Users\user\Desktop\7i6bUvYZ4L.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\7i6bUvYZ4L.exe"
Imagebase: 0x400000
File size: 3'885'247 bytes
MD5 hash: 2A1F95489DE624041B9216BACEF3816A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 1
Start time: 01:47:06
Start date: 13/12/2024
Path: C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\is-RQHGO.tmp\7i6bUvYZ4L.tmp" /SL5="$20456,3636467,54272,C:\Users\user\Desktop\7i6bUvYZ4L.exe"
Imagebase: 0x400000
File size: 705'536 bytes
MD5 hash: B4D4F779EA9E1F6AC0828B0B21EE319A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 3%, ReversingLabs
Reputation: low
Has exited: false

Target ID: 3
Start time: 01:47:07
Start date: 13/12/2024
Path: C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\system32\schtasks.exe" /Delete /F /TN "video_minimizer_12125"
Imagebase: 0xd30000
File size: 187'904 bytes
MD5 hash: 48C2FE20575769DE916F48EF0676A965
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 01:47:07
Start date: 13/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 01:47:07
Start date: 13/12/2024
Path: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe" -i
Imagebase: 0x400000
File size: 3'026'876 bytes
MD5 hash: 5FD3D7BFE29EF3FB62C34886D452C6B9
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000005.00000002.3319463438.000000000283F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000005.00000000.2071801857.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe, Author: Joe Security
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 50%, ReversingLabs
Reputation: low
Has exited: false


Execution Graph

Execution Coverage: 21.2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 2.5%
Total number of Nodes: 1463
Total number of Limit Nodes: 16
execution_graph: raw node/edge data of the interactive Execution Graph viewer (function addresses, the Windows APIs each node calls and the edges between nodes; the serialized data is truncated on the page and not reproduced here)
6378 401d80 9 API calls 6377->6378 6379 401de0 6378->6379 6392 40132c 6379->6392 6381 401df0 6382 401df8 6381->6382 6396 401b44 6381->6396 6382->6364 6387 40153b 6384->6387 6385 401594 6385->6376 6386 401568 VirtualFree 6386->6387 6387->6385 6387->6386 6389 40160a 6388->6389 6390 401626 VirtualAlloc 6389->6390 6391 40163a 6389->6391 6390->6389 6390->6391 6391->6376 6393 401348 6392->6393 6401 4012e4 6393->6401 6397 401b61 6396->6397 6398 401b52 6396->6398 6397->6382 6399 401d00 9 API calls 6398->6399 6400 401b5f 6399->6400 6400->6382 6404 40128c 6401->6404 6405 401298 LocalAlloc 6404->6405 6406 4012aa 6404->6406 6405->6406 6406->6381 6407 4028d2 6411 4028da 6407->6411 6408 403554 4 API calls 6408->6411 6409 4028ef 6410 4025ac 4 API calls 6409->6410 6412 4028f4 6410->6412 6411->6408 6411->6409 6758 4019d3 6759 4019ba 6758->6759 6760 4019c3 RtlLeaveCriticalSection 6759->6760 6761 4019cd 6759->6761 6760->6761 5888 407fd4 5889 407fe6 5888->5889 5891 407fed 5888->5891 5899 407f10 5889->5899 5892 408021 5891->5892 5894 408015 5891->5894 5895 408017 5891->5895 5893 40804e 5892->5893 5896 407d7c 33 API calls 5892->5896 5913 407e2c 5894->5913 5910 407d7c 5895->5910 5896->5893 5900 407f25 5899->5900 5901 407f34 5900->5901 5902 407d7c 33 API calls 5900->5902 5903 407f6e 5901->5903 5904 407d7c 33 API calls 5901->5904 5902->5901 5905 407f82 5903->5905 5906 407d7c 33 API calls 5903->5906 5904->5903 5909 407fae 5905->5909 5920 407eb8 5905->5920 5906->5905 5909->5891 5923 4058c4 5910->5923 5912 407d9e 5912->5892 5914 405194 33 API calls 5913->5914 5915 407e57 5914->5915 5931 407de4 5915->5931 5917 407e5f 5918 403198 4 API calls 5917->5918 5919 407e74 5918->5919 5919->5892 5921 407ec7 VirtualFree 5920->5921 5922 407ed9 VirtualAlloc 5920->5922 5921->5922 5922->5909 5924 4058d0 5923->5924 5925 405194 33 API calls 5924->5925 5926 4058fd 5925->5926 5927 4031e8 18 API calls 5926->5927 5928 405908 5927->5928 5929 403198 4 API calls 5928->5929 5930 40591d 5929->5930 5930->5912 5932 4058c4 
33 API calls 5931->5932 5933 407e06 5932->5933 5933->5917 6417 405ad4 6418 405adc 6417->6418 6421 405ae4 6417->6421 6419 405ae2 6418->6419 6420 405aeb 6418->6420 6424 405a4c 6419->6424 6422 405940 19 API calls 6420->6422 6422->6421 6425 405a54 6424->6425 6426 405a6e 6425->6426 6427 403154 4 API calls 6425->6427 6428 405a73 6426->6428 6429 405a8a 6426->6429 6427->6425 6430 405940 19 API calls 6428->6430 6431 403154 4 API calls 6429->6431 6432 405a86 6430->6432 6433 405a8f 6431->6433 6435 403154 4 API calls 6432->6435 6434 4059b0 33 API calls 6433->6434 6434->6432 6436 405ab8 6435->6436 6437 403154 4 API calls 6436->6437 6438 405ac6 6437->6438 6438->6421 6439 40a0d5 6440 40a105 6439->6440 6441 40a10f CreateWindowExA SetWindowLongA 6440->6441 6442 405194 33 API calls 6441->6442 6443 40a192 6442->6443 6444 4032fc 18 API calls 6443->6444 6445 40a1a0 6444->6445 6446 4032fc 18 API calls 6445->6446 6447 40a1ad 6446->6447 6448 406b7c 19 API calls 6447->6448 6449 40a1b9 6448->6449 6450 4032fc 18 API calls 6449->6450 6451 40a1c2 6450->6451 6452 4099a4 43 API calls 6451->6452 6453 40a1d4 6452->6453 6454 409884 19 API calls 6453->6454 6455 40a1e7 6453->6455 6454->6455 6456 40a220 6455->6456 6457 4094d8 9 API calls 6455->6457 6458 40a239 6456->6458 6462 40a233 RemoveDirectoryA 6456->6462 6457->6456 6459 40a242 DestroyWindow 6458->6459 6460 40a24d 6458->6460 6459->6460 6461 40a275 6460->6461 6463 40357c 4 API calls 6460->6463 6462->6458 6464 40a26b 6463->6464 6465 4025ac 4 API calls 6464->6465 6465->6461 5936 40a0e7 5937 40a0eb SetLastError 5936->5937 5968 409648 GetLastError 5937->5968 5940 40a105 5942 40a10f CreateWindowExA SetWindowLongA 5940->5942 5941 402f24 5 API calls 5941->5940 5943 405194 33 API calls 5942->5943 5944 40a192 5943->5944 5945 4032fc 18 API calls 5944->5945 5946 40a1a0 5945->5946 5947 4032fc 18 API calls 5946->5947 5948 40a1ad 5947->5948 5981 406b7c GetCommandLineA 5948->5981 5951 4032fc 18 API calls 5952 40a1c2 5951->5952 5986 4099a4 5952->5986 5955 409884 
19 API calls 5956 40a1e7 5955->5956 5957 40a220 5956->5957 5958 40a207 5956->5958 5960 40a239 5957->5960 5964 40a233 RemoveDirectoryA 5957->5964 6002 4094d8 5958->6002 5961 40a242 DestroyWindow 5960->5961 5962 40a24d 5960->5962 5961->5962 5963 40a275 5962->5963 6010 40357c 5962->6010 5964->5960 5966 40a26b 5967 4025ac 4 API calls 5966->5967 5967->5963 5969 404c94 33 API calls 5968->5969 5970 40968f 5969->5970 5971 407284 19 API calls 5970->5971 5972 40969f 5971->5972 5973 408da8 18 API calls 5972->5973 5974 4096b4 5973->5974 5975 405890 18 API calls 5974->5975 5976 4096c3 5975->5976 5977 4031b8 4 API calls 5976->5977 5978 4096e2 5977->5978 5979 403198 4 API calls 5978->5979 5980 4096ea 5979->5980 5980->5940 5980->5941 5982 406af0 18 API calls 5981->5982 5983 406ba1 5982->5983 5984 403198 4 API calls 5983->5984 5985 406bbf 5984->5985 5985->5951 5987 4033b4 18 API calls 5986->5987 5988 4099df 5987->5988 5989 409a11 CreateProcessA 5988->5989 5990 409a24 CloseHandle 5989->5990 5991 409a1d 5989->5991 5993 409a2d 5990->5993 5992 409648 35 API calls 5991->5992 5992->5990 6023 409978 5993->6023 5996 409a49 5997 409978 3 API calls 5996->5997 5998 409a4e GetExitCodeProcess CloseHandle 5997->5998 5999 409a6e 5998->5999 6000 403198 4 API calls 5999->6000 6001 409a76 6000->6001 6001->5955 6001->5956 6003 409532 6002->6003 6005 4094eb 6002->6005 6003->5957 6004 4094f3 Sleep 6004->6005 6005->6003 6005->6004 6006 409503 Sleep 6005->6006 6008 40951a GetLastError 6005->6008 6027 408fbc 6005->6027 6006->6005 6008->6003 6009 409524 GetLastError 6008->6009 6009->6003 6009->6005 6011 403591 6010->6011 6012 4035a0 6010->6012 6017 4035d0 6011->6017 6018 40359b 6011->6018 6019 4035b6 6011->6019 6013 4035b1 6012->6013 6014 4035b8 6012->6014 6015 403198 4 API calls 6013->6015 6016 4031b8 4 API calls 6014->6016 6015->6019 6016->6019 6017->6019 6021 40357c 4 API calls 6017->6021 6018->6012 6020 4035ec 6018->6020 6019->5966 6020->6019 6035 403554 6020->6035 6021->6017 6024 40998c PeekMessageA 
6023->6024 6025 409980 TranslateMessage DispatchMessageA 6024->6025 6026 40999e MsgWaitForMultipleObjects 6024->6026 6025->6024 6026->5993 6026->5996 6028 408f70 2 API calls 6027->6028 6029 408fd2 6028->6029 6030 408fd6 6029->6030 6031 408ff2 DeleteFileA GetLastError 6029->6031 6030->6005 6032 409010 6031->6032 6033 408fac Wow64RevertWow64FsRedirection 6032->6033 6034 409018 6033->6034 6034->6005 6037 403566 6035->6037 6038 403578 6037->6038 6039 403604 6037->6039 6038->6020 6040 40357c 6039->6040 6041 4035a0 6040->6041 6046 40359b 6040->6046 6047 4035b6 6040->6047 6050 4035d0 6040->6050 6042 4035b1 6041->6042 6043 4035b8 6041->6043 6044 403198 4 API calls 6042->6044 6045 4031b8 4 API calls 6043->6045 6044->6047 6045->6047 6046->6041 6051 4035ec 6046->6051 6047->6037 6048 40357c 4 API calls 6048->6050 6049 403554 4 API calls 6049->6051 6050->6047 6050->6048 6051->6047 6051->6049 6765 402be9 RaiseException 6766 402c04 6765->6766 6472 402af2 6473 402afe 6472->6473 6476 402ed0 6473->6476 6477 403154 4 API calls 6476->6477 6479 402ee0 6477->6479 6478 402b03 6479->6478 6481 402b0c 6479->6481 6482 402b25 6481->6482 6483 402b15 RaiseException 6481->6483 6482->6478 6483->6482 6767 402dfa 6768 402e26 6767->6768 6769 402e0d 6767->6769 6771 402ba4 6769->6771 6772 402bc9 6771->6772 6773 402bad 6771->6773 6772->6768 6774 402bb5 RaiseException 6773->6774 6774->6772 6775 4075fa GetFileSize 6776 407626 6775->6776 6777 407616 GetLastError 6775->6777 6777->6776 6778 40761f 6777->6778 6779 40748c 35 API calls 6778->6779 6779->6776 6780 406ffb 6781 407008 SetErrorMode 6780->6781 6488 403a80 CloseHandle 6489 403a90 6488->6489 6490 403a91 GetLastError 6488->6490 6491 40a282 6493 40a1f4 6491->6493 6492 40a220 6495 40a239 6492->6495 6499 40a233 RemoveDirectoryA 6492->6499 6493->6492 6494 4094d8 9 API calls 6493->6494 6494->6492 6496 40a242 DestroyWindow 6495->6496 6497 40a24d 6495->6497 6496->6497 6498 40a275 6497->6498 6500 40357c 4 API calls 6497->6500 6499->6495 6501 40a26b 6500->6501 
6502 4025ac 4 API calls 6501->6502 6502->6498 6503 404283 6504 4042c3 6503->6504 6505 403154 4 API calls 6504->6505 6506 404323 6505->6506 6782 404185 6783 4041ff 6782->6783 6784 4041cc 6783->6784 6785 403154 4 API calls 6783->6785 6786 404323 6785->6786 6507 40a287 6508 40a290 6507->6508 6510 40a2bb 6507->6510 6517 409448 6508->6517 6512 403198 4 API calls 6510->6512 6511 40a295 6511->6510 6514 40a2b3 MessageBoxA 6511->6514 6513 40a2f3 6512->6513 6515 403198 4 API calls 6513->6515 6514->6510 6516 40a2fb 6515->6516 6518 409454 GetCurrentProcess OpenProcessToken 6517->6518 6519 4094af ExitWindowsEx 6517->6519 6520 409466 6518->6520 6521 40946a LookupPrivilegeValueA AdjustTokenPrivileges GetLastError 6518->6521 6519->6520 6520->6511 6521->6519 6521->6520 6522 403e87 6523 403e4c 6522->6523 6524 403e67 6523->6524 6525 403e62 6523->6525 6526 403e7b 6523->6526 6529 403e78 6524->6529 6535 402674 6524->6535 6531 403cc8 6525->6531 6528 402674 4 API calls 6526->6528 6528->6529 6532 403cd6 6531->6532 6533 403ceb 6532->6533 6534 402674 4 API calls 6532->6534 6533->6524 6534->6533 6536 403154 4 API calls 6535->6536 6537 40267a 6536->6537 6537->6529 6546 407e90 6547 407eb8 VirtualFree 6546->6547 6548 407e9d 6547->6548 6791 403991 6792 403983 6791->6792 6793 40374c VariantClear 6792->6793 6794 40398b 6793->6794 6551 403e95 6552 403e4c 6551->6552 6553 403e67 6552->6553 6554 403e62 6552->6554 6555 403e7b 6552->6555 6558 403e78 6553->6558 6559 402674 4 API calls 6553->6559 6556 403cc8 4 API calls 6554->6556 6557 402674 4 API calls 6555->6557 6556->6553 6557->6558 6559->6558 6560 403a97 6561 403aac 6560->6561 6562 403bbc GetStdHandle 6561->6562 6563 403b0e CreateFileA 6561->6563 6572 403ab2 6561->6572 6564 403c17 GetLastError 6562->6564 6577 403bba 6562->6577 6563->6564 6565 403b2c 6563->6565 6564->6572 6567 403b3b GetFileSize 6565->6567 6565->6577 6567->6564 6568 403b4e SetFilePointer 6567->6568 6568->6564 6573 403b6a ReadFile 6568->6573 6569 403be7 GetFileType 6571 403c02 
CloseHandle 6569->6571 6569->6572 6571->6572 6573->6564 6574 403b8c 6573->6574 6575 403b9f SetFilePointer 6574->6575 6574->6577 6575->6564 6576 403bb0 SetEndOfFile 6575->6576 6576->6564 6576->6577 6577->6569 6577->6572 6799 405ba2 6801 405ba4 6799->6801 6800 405be0 6804 405940 19 API calls 6800->6804 6801->6800 6802 405bf7 6801->6802 6803 405bda 6801->6803 6807 404cdc 19 API calls 6802->6807 6803->6800 6805 405c4c 6803->6805 6812 405bf3 6804->6812 6806 4059b0 33 API calls 6805->6806 6806->6812 6808 405c20 6807->6808 6810 4059b0 33 API calls 6808->6810 6809 403198 4 API calls 6811 405c86 6809->6811 6810->6812 6812->6809 6813 408da4 6814 408dc8 6813->6814 6815 408c80 18 API calls 6814->6815 6816 408dd1 6815->6816 6578 402caa 6579 403154 4 API calls 6578->6579 6580 402caf 6579->6580 6831 4011aa 6832 4011ac GetStdHandle 6831->6832 6078 4076ac SetEndOfFile 6079 4076c3 6078->6079 6080 4076bc 6078->6080 6081 40748c 35 API calls 6080->6081 6081->6079 6581 4028ac 6582 402594 18 API calls 6581->6582 6583 4028b6 6582->6583 6584 401ab9 6585 401a96 6584->6585 6586 401aa9 RtlDeleteCriticalSection 6585->6586 6587 401a9f RtlLeaveCriticalSection 6585->6587 6587->6586

                                                                                        Control-flow Graph
                                                                                        APIs
                                                                                        • GetSystemInfo.KERNEL32(?), ref: 00409B42
                                                                                        • VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409B4D
                                                                                        • VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 00409B8E
                                                                                        • VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 00409BC0
                                                                                        • VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 00409BD0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Virtual$ProtectQuery$InfoSystem
                                                                                        • String ID:
                                                                                        • API String ID: 2441996862-0
                                                                                        • Opcode ID: 9fe1c1492d4e2c4f54cecc4c125b8c20c153f3aea56d010d52fe367946264e59
                                                                                        • Instruction ID: 3002c4020e31fcb34e6ffc2d5983d7aa910ebdc8277ab133fd4bc27d875cdae8
                                                                                        • Opcode Fuzzy Hash: 9fe1c1492d4e2c4f54cecc4c125b8c20c153f3aea56d010d52fe367946264e59
                                                                                        • Instruction Fuzzy Hash: F4219DB12003046BD7709AA99C85E5777E9EB85370F04082BFA89E32D3D239FC40C669
                                                                                        APIs
                                                                                        • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoLocale
                                                                                        • String ID:
                                                                                        • API String ID: 2299586839-0
                                                                                        • Opcode ID: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
                                                                                        • Instruction ID: 1248db9972fbf410c55bf070b604c98f5d62b90992f8f49b6b6440a9954d2c50
                                                                                        • Opcode Fuzzy Hash: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
                                                                                        • Instruction Fuzzy Hash: E2E0927170021427D710A9A99C86AEB725CEB58310F0002BFB904E73C6EDB49E804AED

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,?,00409C60), ref: 00404582
                                                                                        • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040458F
                                                                                        • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004045A5
                                                                                        • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004045BB
                                                                                        • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00409C60), ref: 004045C6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$HandleModulePolicyProcess
                                                                                        • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                                                        • API String ID: 3256987805-3653653586
                                                                                        • Opcode ID: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                                        • Instruction ID: 1f393095ee8ecda9e1e01b6ca7d440447e938bbc9796bcd5dbe8d266940e5f64
                                                                                        • Opcode Fuzzy Hash: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                                        • Instruction Fuzzy Hash: 5FE02DD03813013AEA5032F20D83B2B20884AD0B49B2414377F25B61C3EDBDDA40587E

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • SetLastError.KERNEL32 ref: 0040A0F4
                                                                                          • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B240,?,0208232C), ref: 0040966C
                                                                                        • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A131
                                                                                        • SetWindowLongA.USER32(00020456,000000FC,00409918), ref: 0040A148
                                                                                        • RemoveDirectoryA.KERNEL32(00000000,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A234
                                                                                        • DestroyWindow.USER32(00020456,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A248
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ErrorLast$CreateDestroyDirectoryLongRemove
                                                                                        • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                        • API String ID: 3757039580-3001827809
                                                                                        • Opcode ID: 92d7a146f7fa7ea583be229cf1972f4387f7e731d45899e9009fd1a518b8a977
                                                                                        • Instruction ID: f6a9afe5b3848034850d92184c83b7d566fc641e007638e18ad9d31f508a71de
                                                                                        • Opcode Fuzzy Hash: 92d7a146f7fa7ea583be229cf1972f4387f7e731d45899e9009fd1a518b8a977
                                                                                        • Instruction Fuzzy Hash: 3B411071600204DFD710EBA9EE86B9977A4EB45304F10467EF514B73E2C7B89811CB9D

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,00409C74), ref: 004090C4
                                                                                        • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090CA
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,00409C74), ref: 004090DE
                                                                                        • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090E4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                        • API String ID: 1646373207-2130885113
                                                                                        • Opcode ID: acfb4439f313785c2c2b120c37d6defef782ad7ac64c67e7eba3e924cf2abd75
                                                                                        • Instruction ID: 4a4222b704d734fa8d0781b40c04fe9f9c76e7b4f133337d95099c0c8a01123f
                                                                                        • Opcode Fuzzy Hash: acfb4439f313785c2c2b120c37d6defef782ad7ac64c67e7eba3e924cf2abd75
                                                                                        • Instruction Fuzzy Hash: 20017170748342AEFB00BB72DD4AB163A68E785704F50457BF5407A2D3DABD4C04DA6D

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A131
                                                                                        • SetWindowLongA.USER32(00020456,000000FC,00409918), ref: 0040A148
                                                                                          • Part of subcall function 00406B7C: GetCommandLineA.KERNEL32(00000000,00406BC0,?,?,?,?,00000000,?,0040A1B9,?), ref: 00406B94
                                                                                          • Part of subcall function 004099A4: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0208232C,00409A90,00000000,00409A77), ref: 00409A14
                                                                                          • Part of subcall function 004099A4: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0208232C,00409A90,00000000), ref: 00409A28
                                                                                          • Part of subcall function 004099A4: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A41
                                                                                          • Part of subcall function 004099A4: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409A53
                                                                                          • Part of subcall function 004099A4: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0208232C,00409A90), ref: 00409A5C
                                                                                        • RemoveDirectoryA.KERNEL32(00000000,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A234
                                                                                        • DestroyWindow.USER32(00020456,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A248
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                                        • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                        • API String ID: 3586484885-3001827809
                                                                                        • Opcode ID: a64027cc69530ce26e0d020b421cb23cd984c73ff13cd53596b8d38fe4c4ed4c
                                                                                        • Instruction ID: bf8877be64b1eb53a955be5febe4cb156f3d413c702a3b20994545be7baf65d7
                                                                                        • Opcode Fuzzy Hash: a64027cc69530ce26e0d020b421cb23cd984c73ff13cd53596b8d38fe4c4ed4c
                                                                                        • Instruction Fuzzy Hash: 75411A71604204DFD714EBA9EE86B5A77A4EB49304F10427EE514B73E1CBB8A810CB9D

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0208232C,00409A90,00000000,00409A77), ref: 00409A14
                                                                                        • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0208232C,00409A90,00000000), ref: 00409A28
                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A41
                                                                                        • GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409A53
                                                                                        • CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0208232C,00409A90), ref: 00409A5C
                                                                                          • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B240,?,0208232C), ref: 0040966C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                                        • String ID: D
                                                                                        • API String ID: 3356880605-2746444292
                                                                                        • Opcode ID: 752074f715f169f8c9b0a2dfdb1d62babdf7ca20371da5ab86507c15e851728d
                                                                                        • Instruction ID: 6ea97129cf5aa135a7f7046e3a99eae43c862e8aca722617c6144c18eae127a8
                                                                                        • Opcode Fuzzy Hash: 752074f715f169f8c9b0a2dfdb1d62babdf7ca20371da5ab86507c15e851728d
                                                                                        • Instruction Fuzzy Hash: 3A1142B17442486EDB10EBE68C42FAEB7ACEF49714F50017BB604F72C2DA785D048A69

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                                                        • RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                                                        • LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                                                        • RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                        • String ID:
                                                                                        • API String ID: 730355536-0
                                                                                        • Opcode ID: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
                                                                                        • Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
                                                                                        • Opcode Fuzzy Hash: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
                                                                                        • Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409EAB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message
                                                                                        • String ID: .tmp$y@
                                                                                        • API String ID: 2030045667-2396523267
                                                                                        • Opcode ID: 025cb7c8070ceb0a973f57dc2423f3e96cefce6b80174f3a3145c26c436c6efd
                                                                                        • Instruction ID: 436c98ae07f88f71ec52beeb6e72a39fdb1c754e3b127fd60db974180cd34f4e
                                                                                        • Opcode Fuzzy Hash: 025cb7c8070ceb0a973f57dc2423f3e96cefce6b80174f3a3145c26c436c6efd
                                                                                        • Instruction Fuzzy Hash: 7541AC30600200DFC715EF25DE96A5A77A5EB49304B50463AF804B73E2CBB9AC05CBAD

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409EAB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message
                                                                                        • String ID: .tmp$y@
                                                                                        • API String ID: 2030045667-2396523267
                                                                                        • Opcode ID: cf567291c84692d100e5ec609b282d55b3c5af0b5f3d357f2e8f357a6d06844b
                                                                                        • Instruction ID: effdcd9541676c6323f3fad609c54d18bb0bf767b5f2530b550772909ae59cb2
                                                                                        • Opcode Fuzzy Hash: cf567291c84692d100e5ec609b282d55b3c5af0b5f3d357f2e8f357a6d06844b
                                                                                        • Instruction Fuzzy Hash: 1F418D70610204DFC715EF25DED6A5A77A5EB49308B50463AF804B73E2CBB9AC05CBAD

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409376
                                                                                        • GetLastError.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040937F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                        • String ID: .tmp
                                                                                        • API String ID: 1375471231-2986845003
                                                                                        • Opcode ID: 7ba2b511fbcbba0bdafc57409f78771f2ffb69bdc1885ec5b7c8c3418ce725e0
                                                                                        • Instruction ID: 229665e4fb482f752e04f7b041ef1ce89d659938bfc828767b82506ffacbf3f4
                                                                                        • Opcode Fuzzy Hash: 7ba2b511fbcbba0bdafc57409f78771f2ffb69bdc1885ec5b7c8c3418ce725e0
                                                                                        • Instruction Fuzzy Hash: 7C213774A04208ABDB05EFA1C8429DFB7B9EF88304F50457BE901B73C2DA7C9E059A65

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3934441357-0
                                                                                        • Opcode ID: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
                                                                                        • Instruction ID: 20d0a63744b7af467993d3e8aec565234b7be2d060ba20bf9fd199bb98bd5a4e
                                                                                        • Opcode Fuzzy Hash: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
                                                                                        • Instruction Fuzzy Hash: 8251D12294D2910FC7126B7849685A53FE0FE5331132E92FBC5C1AB1A3D27CA847D35B

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00402148), ref: 00402017
                                                                                          • Part of subcall function 00401918: RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                                                          • Part of subcall function 00401918: RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                                                          • Part of subcall function 00401918: LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                                                          • Part of subcall function 00401918: RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
                                                                                        • String ID:
                                                                                        • API String ID: 296031713-0
                                                                                        • Opcode ID: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
                                                                                        • Instruction ID: b272be6629c35a549fc4f1c5a19e6e0df2414f51bb24a7fd7fb800939d1160d0
                                                                                        • Opcode Fuzzy Hash: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
                                                                                        • Instruction Fuzzy Hash: D4419CB2A40711DFDB108F69DEC562A77A0FB58314B25837AD984B73E1D378A842CB48

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00008000), ref: 00406FAA
                                                                                        • LoadLibraryA.KERNEL32(00000000,00000000,00406FF4,?,00000000,00407012,?,00008000), ref: 00406FD9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLibraryLoadMode
                                                                                        • String ID:
                                                                                        • API String ID: 2987862817-0
                                                                                        • Opcode ID: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
                                                                                        • Instruction ID: 292e1fc4e19851716b0ab93d2d43454b233f1d25ff8a05a0d03104374ea2dcbc
                                                                                        • Opcode Fuzzy Hash: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
                                                                                        • Instruction Fuzzy Hash: D6F08270A14704BEDB129FB68C5282ABBECEB4DB0475349BAF914A26D2E53C5C209568
                                                                                        APIs
                                                                                        • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 0040768B
                                                                                        • GetLastError.KERNEL32(?,?,?,00000000), ref: 00407693
                                                                                          • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020803AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$FilePointer
                                                                                        • String ID:
                                                                                        • API String ID: 1156039329-0
                                                                                        • Opcode ID: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
                                                                                        • Instruction ID: 64daf3b7b2b4cd691f255a674f922558070816022eb0a012369b73df1192a31e
                                                                                        • Opcode Fuzzy Hash: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
                                                                                        • Instruction Fuzzy Hash: B2E092766081016FD600D55EC881B9B37DCDFC5364F104536B654EB2D1D679EC108776

                                                                                        Control-flow Graph (graph image not reproduced; executed/not-executed colouring lost)
                                                                                        control_flow_graph 443 40762c-40764a ReadFile 444 407663-40766a 443->444 445 40764c-407650 443->445 446 407652-40765a GetLastError 445->446 447 40765c-40765e call 40748c 445->447 446->444 446->447 447->444
                                                                                        APIs
                                                                                        • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00407643
                                                                                        • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00407652
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastRead
                                                                                        • String ID:
                                                                                        • API String ID: 1948546556-0
                                                                                        • Opcode ID: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
                                                                                        • Instruction ID: e2f452503b48da12a69c10a9d1416f2aa512a4714c212e67fea7d8588799396e
                                                                                        • Opcode Fuzzy Hash: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
                                                                                        • Instruction Fuzzy Hash: 69E012A1A081106ADB24A66E9CC5F6B6BDCCBC5724F14457BF504DB382D678DC0487BB
                                                                                        APIs
                                                                                        • SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004075DB
                                                                                        • GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004075E7
                                                                                          • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020803AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$FilePointer
                                                                                        • String ID:
                                                                                        • API String ID: 1156039329-0
                                                                                        • Opcode ID: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
                                                                                        • Instruction ID: 74cf86129294d2faf5969c20f66175129728110ffa3c668ef2bae8a95e28f18b
                                                                                        • Opcode Fuzzy Hash: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
                                                                                        • Instruction Fuzzy Hash: C4E04FB1600210AFDB10EEB98D81B9676D89F48364F0485B6EA14DF2C6D274DC00C766
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Virtual$AllocFree
                                                                                        • String ID:
                                                                                        • API String ID: 2087232378-0
                                                                                        • Opcode ID: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
                                                                                        • Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
                                                                                        • Opcode Fuzzy Hash: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
                                                                                        • Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9
                                                                                        APIs
                                                                                        • GetSystemDefaultLCID.KERNEL32(00000000,004053B6), ref: 0040529F
                                                                                          • Part of subcall function 00404CDC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404CF9
                                                                                          • Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: DefaultInfoLoadLocaleStringSystem
                                                                                        • String ID:
                                                                                        • API String ID: 1658689577-0
                                                                                        • Opcode ID: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
                                                                                        • Instruction ID: b95c725f163960c8622ba1b0af82130980b93a97e76f79286a035b518bc8de08
                                                                                        • Opcode Fuzzy Hash: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
                                                                                        • Instruction Fuzzy Hash: 90314F75E01509ABCB00DF95C8C19EEB379FF84304F158577E815BB286E739AE068B98
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
                                                                                        • Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
                                                                                        • Opcode Fuzzy Hash: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
                                                                                        • Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
                                                                                        • Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
                                                                                        • Opcode Fuzzy Hash: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
                                                                                        • Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8
                                                                                        APIs
                                                                                        • GetFileAttributesA.KERNEL32(00000000,00000000,00406A24,?,?,?,?,00000000,?,00406A39,00406D67,00000000,00406DAC,?,?,?), ref: 00406A07
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        • Opcode ID: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
                                                                                        • Instruction ID: ccd219c895c276d3a4f2ed408fb3af00451e62210c6f1137e8185e88dac79a2a
                                                                                        • Opcode Fuzzy Hash: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
                                                                                        • Instruction Fuzzy Hash: A0E0ED30300304BBD301FBA6CC42E4ABBECDB8A708BA28476B400B2682D6786E108428
                                                                                        APIs
                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                                                          • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020803AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastWrite
                                                                                        • String ID:
                                                                                        • API String ID: 442123175-0
                                                                                        • Opcode ID: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
                                                                                        • Instruction ID: d11fc940c1eb4d9ab9bd5ee1403c634941755763b259216c6d34bff68e3e8731
                                                                                        • Opcode Fuzzy Hash: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
                                                                                        • Instruction Fuzzy Hash: 6DE0ED766081106BD710A65AD880EAB67DCDFC5764F00407BF904DB291D574AC049676
                                                                                        APIs
                                                                                        • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00409127,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 004072A3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FormatMessage
                                                                                        • String ID:
                                                                                        • API String ID: 1306739567-0
                                                                                        • Opcode ID: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
                                                                                        • Instruction ID: 7b38442d06f496379890204edef453c821f476d6c52b93f329ea0e63e965d40b
                                                                                        • Opcode Fuzzy Hash: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
                                                                                        • Instruction Fuzzy Hash: 17E0D8A0B8830136F22414544C87B77220E47C0700F10807E7700ED3C6D6BEA906815F
                                                                                        APIs
                                                                                        • SetEndOfFile.KERNEL32(?,02098000,0040A08C,00000000), ref: 004076B3
                                                                                          • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,020803AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLast
                                                                                        • String ID:
                                                                                        • API String ID: 734332943-0
                                                                                        • Opcode ID: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
                                                                                        • Instruction ID: f788b2e916ece263959a2b362e6cc5638f15ca068e5e6b6e193a7bb405067b9b
                                                                                        • Opcode Fuzzy Hash: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
                                                                                        • Instruction Fuzzy Hash: BEC04CA1A1410047CB40A6BE89C1A1666D85A4821530485B6B908DB297D679E8004666
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        • Opcode ID: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
                                                                                        • Instruction ID: c47f2f618e2971e07f5b1abb1c43dc6c143ad8b034d1ddbdae76011a93498253
                                                                                        • Opcode Fuzzy Hash: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
                                                                                        • Instruction Fuzzy Hash: 54B09B76A1C2415DE705DAD5745153863D4D7C47143A14977F104D35C0D53DA4144519
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        • Opcode ID: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
                                                                                        • Instruction ID: a55afa0689d716a84ca499c05243e055e04a08b2ab071a0afeb25d409e08decd
                                                                                        • Opcode Fuzzy Hash: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
                                                                                        • Instruction Fuzzy Hash: FFA022A8C08000B2CE00E2E08080A3C23283A88308BC08BA2320CB20C0C03CE008020B
                                                                                        APIs
                                                                                        • CharPrevA.USER32(?,?,0040696C,?,00406649,?,?,00406D87,00000000,00406DAC,?,?,?,?,00000000,00000000), ref: 00406972
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CharPrev
                                                                                        • String ID:
                                                                                        • API String ID: 122130370-0
                                                                                        • Opcode ID: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
                                                                                        • Instruction ID: 57bb655d476c0b104ac503b4dc16dcc9cc7d9309af7e6782790f501f1b0aeff9
                                                                                        • Opcode Fuzzy Hash: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
                                                                                        • Instruction Fuzzy Hash:
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407FA0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
                                                                                        • Instruction ID: 1e7236936b067224bcb0a7c190bcfb18a105a15b1652d3161176e1d0ad605fa4
                                                                                        • Opcode Fuzzy Hash: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
                                                                                        • Instruction Fuzzy Hash: 43116371A042059BDB00EF19C881B5B7794AF44359F05807AF958AB2C6DB38E800CBAA
                                                                                        APIs
                                                                                        • VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1263568516-0
                                                                                        • Opcode ID: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
                                                                                        • Instruction ID: 63c8255cdd02620dd55efc6405714c3c0a63becca9b218cdeda95617091702f1
                                                                                        • Opcode Fuzzy Hash: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
                                                                                        • Instruction Fuzzy Hash: 3601A7726442148BC310AF28DDC093A77D5EB85364F1A4A7ED985B73A1D23B6C0587A8
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandle
                                                                                        • String ID:
                                                                                        • API String ID: 2962429428-0
                                                                                        • Opcode ID: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                                                        • Instruction ID: e7ddd8f09f86228f97b62737e097d00c20d119481f2284b048c56b7aa048eabb
                                                                                        • Opcode Fuzzy Hash: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                                                        • Instruction Fuzzy Hash: 41D05E82B00A6017D615F2BE4D8869692D85F89685B08843AF654E77D1D67CEC00838D
                                                                                        APIs
                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000,?,00407E9D), ref: 00407ECF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1263568516-0
                                                                                        • Opcode ID: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                                                        • Instruction ID: 622015b425f940adf6dc1d0f89e873b9c6d17cfe6f0c2733970da1323f12c917
                                                                                        • Opcode Fuzzy Hash: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                                                        • Instruction Fuzzy Hash: 3ED0E9B17553055BDB90EEB98CC1B0237D8BB48610F5044B66904EB296E674E8009654
                                                                                        APIs
                                                                                        • GetCurrentProcess.KERNEL32(00000028), ref: 00409457
                                                                                        • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0040945D
                                                                                        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00409476
                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 0040949D
                                                                                        • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004094A2
                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 004094B3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                        • String ID: SeShutdownPrivilege
                                                                                        • API String ID: 107509674-3733053543
                                                                                        • Opcode ID: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                                                        • Instruction ID: 55e16e97e4c30333ef6e9d7cb44a764448f3c494fd9ead6bbbdf5d5bb2f9c1eb
                                                                                        • Opcode Fuzzy Hash: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                                                        • Instruction Fuzzy Hash: 61F012B069830179E610AAB18D07F6762885BC4B18F50493ABB15FA1C3D7BDD809466F
                                                                                        APIs
                                                                                        • FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409BF6
                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 00409C09
                                                                                        • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5,?,00000000), ref: 00409C1B
                                                                                        • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5), ref: 00409C2C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Resource$FindLoadLockSizeof
                                                                                        • String ID:
                                                                                        • API String ID: 3473537107-0
                                                                                        • Opcode ID: ce7c2a79786de0a8682d58b31ceb4174bbddb2d24ae6ad16542ef9ae896a3e40
                                                                                        • Instruction ID: ed04ed1443b666af2c347742ca0221af59beed1f1180006ed42e296f861e82c7
                                                                                        • Opcode Fuzzy Hash: ce7c2a79786de0a8682d58b31ceb4174bbddb2d24ae6ad16542ef9ae896a3e40
                                                                                        • Instruction Fuzzy Hash: ECE07EA0B483562AFA6076FB08C2B2A018C4BA671DF40003BB701B92C3DEBD8C14856E
                                                                                        APIs
                                                                                        • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040545A,?,?,?,00000000,0040560C), ref: 0040526B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoLocale
                                                                                        • String ID:
                                                                                        • API String ID: 2299586839-0
                                                                                        • Opcode ID: b79b605a6dbd2dbd76dc5df923bc970e8acc9169766131cf64cabc826e101d13
                                                                                        • Instruction ID: 1db3d1c1bb6fab5f91442dea8a08a829cd161d84d3a7e1f0c2fe21aaaafd944f
                                                                                        • Opcode Fuzzy Hash: b79b605a6dbd2dbd76dc5df923bc970e8acc9169766131cf64cabc826e101d13
                                                                                        • Instruction Fuzzy Hash: 9ED02EA230E2006AE210808B2C84EBB4A9CCEC53A0F00007FF648C3242D2208C029B76
                                                                                        APIs
                                                                                        • GetSystemTime.KERNEL32(?), ref: 004026CE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: SystemTime
                                                                                        • String ID:
                                                                                        • API String ID: 2656138-0
                                                                                        • Opcode ID: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                                                                        • Instruction ID: 69442b1fa125f02c17f5f00667ba5619268a94e84ed87230136e9e38920861ba
                                                                                        • Opcode Fuzzy Hash: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                                                                        • Instruction Fuzzy Hash: 14E04F21E0010A82C704ABA5CD435EDF7AEAB95600B044272A418E92E0F631C251C748
                                                                                        APIs
                                                                                        • GetVersionExA.KERNEL32(?,004065F0,00000000,004065FE,?,?,?,?,?,00409C6A), ref: 00405D02
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Version
                                                                                        • String ID:
                                                                                        • API String ID: 1889659487-0
                                                                                        • Opcode ID: 804cda8d473c4c61bcc63f12479ba9190822d5c554409fc9a119c77cb0a2aa37
                                                                                        • Instruction ID: 4c33b40dd65743d8d98a5ffd827b1eb297e5dd4f71424004bfe2d5ab9b26ea54
                                                                                        • Opcode Fuzzy Hash: 804cda8d473c4c61bcc63f12479ba9190822d5c554409fc9a119c77cb0a2aa37
                                                                                        • Instruction Fuzzy Hash: 00C0126040070186D7109B31DC02B1672D4AB44310F4405396DA4963C2E73C80018A6E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                                                                        • Instruction ID: 7dc6dc86846b3232beed044054ddb30c9891ac2fec336679fba6e94018ae2b4c
                                                                                        • Opcode Fuzzy Hash: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                                                                        • Instruction Fuzzy Hash: C032D775E00219DFCB14CF99CA80AADB7B2BF88314F24816AD855B7385DB34AE42CF55
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,004098D0), ref: 0040704D
                                                                                        • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407053
                                                                                        • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,004098D0), ref: 004070A1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressCloseHandleModuleProc
                                                                                        • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                                        • API String ID: 4190037839-2401316094
                                                                                        • Opcode ID: 84283e8ecd5f01446eeee6c4ca3ac4597d6d061694d9d4138b3ca6e7d0b19e25
                                                                                        • Instruction ID: c068e7fb85b52830e378cef5638f1cf195f9e270113e5aa630163df598a56aa7
                                                                                        • Opcode Fuzzy Hash: 84283e8ecd5f01446eeee6c4ca3ac4597d6d061694d9d4138b3ca6e7d0b19e25
                                                                                        • Instruction Fuzzy Hash: 72214170E04209ABDB10EAB5CC55A9E77A9EB48304F60847BA510FB3C1D7BCAE01875E
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
                                                                                        • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
                                                                                        • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
                                                                                        • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
                                                                                        • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
                                                                                        • GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
                                                                                        • GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
                                                                                        • CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
                                                                                        • GetLastError.KERNEL32(000000F5), ref: 00403C1E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                        • String ID:
                                                                                        • API String ID: 1694776339-0
                                                                                        • Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                                                                        • Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
                                                                                        • Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                                                                        • Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D
                                                                                        APIs
                                                                                        • GetSystemDefaultLCID.KERNEL32(00000000,0040560C,?,?,?,?,00000000,00000000,00000000,?,004065EB,00000000,004065FE), ref: 004053DE
                                                                                          • Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
                                                                                          • Part of subcall function 00405258: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040545A,?,?,?,00000000,0040560C), ref: 0040526B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoLocale$DefaultSystem
                                                                                        • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                                        • API String ID: 1044490935-665933166
                                                                                        • Opcode ID: 2becd82198b95216644133442ecc563e5ef80f5327bc31795fb041598c227e39
                                                                                        • Instruction ID: cc137df54ae1fcbb63b87987e69a719e9c27c4b31815d0debc5c9b1d2781c89a
                                                                                        • Opcode Fuzzy Hash: 2becd82198b95216644133442ecc563e5ef80f5327bc31795fb041598c227e39
                                                                                        • Instruction Fuzzy Hash: F8515374B00548ABDB00EBA59891A5F7769DB88304F50D5BBB515BB3C6CA3DCA058F1C
                                                                                        APIs
                                                                                        • RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
                                                                                        • LocalFree.KERNEL32(005BB9E0,00000000,00401AB4), ref: 00401A1B
                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000,005BB9E0,00000000,00401AB4), ref: 00401A3A
                                                                                        • LocalFree.KERNEL32(005BC9E0,?,00000000,00008000,005BB9E0,00000000,00401AB4), ref: 00401A79
                                                                                        • RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
                                                                                        • RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 3782394904-0
                                                                                        • Opcode ID: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
                                                                                        • Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
                                                                                        • Opcode Fuzzy Hash: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
                                                                                        • Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D
                                                                                        APIs
                                                                                        • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
                                                                                        • ExitProcess.KERNEL32 ref: 00403DE5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExitMessageProcess
                                                                                        • String ID: Error$Runtime error at 00000000$9@
                                                                                        • API String ID: 1220098344-1503883590
                                                                                        • Opcode ID: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
                                                                                        • Instruction ID: db3008c0e6bc5d60e05df0545d3e9f81ce91e923819fa2a9fb93000da4b6b716
                                                                                        • Opcode Fuzzy Hash: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
                                                                                        • Instruction Fuzzy Hash: B521F830A04341CAE714EFA59AD17153E98AB49349F04837BD500B73E3C77C8A45C76E
                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
                                                                                        • SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
                                                                                        • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide$AllocString
                                                                                        • String ID:
                                                                                        • API String ID: 262959230-0
                                                                                        • Opcode ID: 759139aa8138bb4f1b890a81a570935fc2f09484a8ccbcda4eb7e9d11bc9ffe5
                                                                                        • Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
                                                                                        • Opcode Fuzzy Hash: 759139aa8138bb4f1b890a81a570935fc2f09484a8ccbcda4eb7e9d11bc9ffe5
                                                                                        • Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(00000000,00409C56), ref: 004030E3
                                                                                        • GetCommandLineA.KERNEL32(00000000,00409C56), ref: 004030EE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CommandHandleLineModule
                                                                                        • String ID: U1hd.@$`&Z
                                                                                        • API String ID: 2123368496-3489873892
                                                                                        • Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                                                        • Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
                                                                                        • Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                                                        • Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD
                                                                                        APIs
                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000,004098D0,00000000), ref: 00406E4C
                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,70000000,?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000), ref: 00406EBC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID: )q@
                                                                                        • API String ID: 3660427363-2284170586
                                                                                        • Opcode ID: 32d2d681139902fa63b50b1e86c1c6042aee641263ad409bd5d16b68eaa8278f
                                                                                        • Instruction ID: 22a93fbabe645b78fd14ced98f65bd4bcb22fe3fd6f8222f7fa8e6a3c98f8dfc
                                                                                        • Opcode Fuzzy Hash: 32d2d681139902fa63b50b1e86c1c6042aee641263ad409bd5d16b68eaa8278f
                                                                                        • Instruction Fuzzy Hash: E6415E31D0021AAFDB21DF95C881BAFB7B8EB04704F56447AE901F7280D738AF108B99
                                                                                        APIs
                                                                                        • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 004094F7
                                                                                        • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 00409507
                                                                                        • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 0040951A
                                                                                        • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 00409524
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.3317028307.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000000.00000002.3316998017.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317087116.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.3317113356.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastSleep
                                                                                        • String ID:
                                                                                        • API String ID: 1458359878-0
                                                                                        • Opcode ID: 597fcf42490b874720d4ad81cf19761f51130dad350fd41d24dc31ad960abd38
                                                                                        • Instruction ID: cd4a420f7ace5638a97e0bdb8a1e9fccbb234b9240edd4770f97938e6011a3cc
                                                                                        • Opcode Fuzzy Hash: 597fcf42490b874720d4ad81cf19761f51130dad350fd41d24dc31ad960abd38
                                                                                        • Instruction Fuzzy Hash: 16F0967360451477CA35A5AF9D81A5F634DDAD1354B10813BE945F3283C538DD0142A9

                                                                                        Execution Graph

                                                                                        Execution Coverage:16%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:4.6%
                                                                                        Total number of Nodes:2000
                                                                                        Total number of Limit Nodes:79
53530 49449c 53529->53530 53566 433d6c 53530->53566 53532 4944a1 53533 431ca0 18 API calls 53532->53533 53534 4944ac 53533->53534 53535 43d594 53534->53535 53536 43d5c1 53535->53536 53541 43d5b3 53535->53541 53536->50556 53537 43d63d 53545 43d6f7 53537->53545 53569 447084 53537->53569 53539 43d688 53575 43dd50 53539->53575 53541->53536 53541->53537 53542 447084 18 API calls 53541->53542 53542->53541 53543 43d8fd 53543->53536 53595 447024 18 API calls 53543->53595 53545->53543 53546 43d8de 53545->53546 53593 447024 18 API calls 53545->53593 53594 447024 18 API calls 53546->53594 53549->50558 53550->50560 53551->50547 53553 403494 4 API calls 53552->53553 53555 431efb 53553->53555 53554 431f25 53554->53517 53555->53554 53556 403744 18 API calls 53555->53556 53556->53555 53557->53524 53559 431cc0 53558->53559 53560 431cae 53558->53560 53562 431ce2 53559->53562 53565 431c40 18 API calls 53559->53565 53564 402678 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53560->53564 53562->53524 53564->53559 53565->53562 53567 402648 18 API calls 53566->53567 53568 433d7b 53567->53568 53568->53532 53570 4470a3 53569->53570 53571 4470aa 53569->53571 53596 446e30 18 API calls 53570->53596 53573 431ca0 18 API calls 53571->53573 53574 4470ba 53573->53574 53574->53539 53576 43dd6c 53575->53576 53581 43dd99 53575->53581 53577 402660 4 API calls 53576->53577 53576->53581 53577->53576 53578 43ddce 53578->53545 53580 43fea5 53580->53578 53606 447024 18 API calls 53580->53606 53581->53578 53581->53580 53582 447024 18 API calls 53581->53582 53584 43c938 18 API calls 53581->53584 53585 433b18 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53581->53585 53589 433d18 18 API calls 53581->53589 53590 436650 18 API calls 53581->53590 53591 431c40 18 API calls 53581->53591 53592 446e30 18 API calls 53581->53592 53597 4396e0 53581->53597 53603 436e4c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53581->53603 53604 43dc48 32 API calls 53581->53604 53605 433d34 LocalAlloc TlsSetValue TlsGetValue 
TlsGetValue 53581->53605 53582->53581 53584->53581 53585->53581 53589->53581 53590->53581 53591->53581 53592->53581 53593->53545 53594->53543 53595->53543 53596->53571 53598 4396e9 53597->53598 53599 403400 4 API calls 53598->53599 53600 43c8e8 53599->53600 53603->53581 53604->53581 53605->53581 53606->53580 53609 4358e0 53610 4358f5 53609->53610 53614 43590f 53610->53614 53615 4352c8 53610->53615 53619 4352f8 53615->53619 53625 435312 53615->53625 53616 403400 4 API calls 53617 435717 53616->53617 53617->53614 53628 435728 18 API calls 53617->53628 53618 446da4 18 API calls 53618->53619 53619->53618 53620 403450 18 API calls 53619->53620 53621 402648 18 API calls 53619->53621 53623 431ca0 18 API calls 53619->53623 53624 4038a4 18 API calls 53619->53624 53619->53625 53626 403744 18 API calls 53619->53626 53629 4343b0 53619->53629 53641 434b74 18 API calls 53619->53641 53620->53619 53621->53619 53623->53619 53624->53619 53625->53616 53626->53619 53628->53614 53630 43446d 53629->53630 53631 4343dd 53629->53631 53660 434310 18 API calls 53630->53660 53633 403494 4 API calls 53631->53633 53635 4343eb 53633->53635 53634 43445f 53636 403400 4 API calls 53634->53636 53637 403778 18 API calls 53635->53637 53638 4344bd 53636->53638 53639 43440c 53637->53639 53638->53619 53639->53634 53642 4944b4 53639->53642 53641->53619 53643 4944ec 53642->53643 53644 494584 53642->53644 53645 403494 4 API calls 53643->53645 53661 448930 53644->53661 53649 4944f7 53645->53649 53647 403400 4 API calls 53648 4945a8 53647->53648 53650 403400 4 API calls 53648->53650 53651 4037b8 18 API calls 53649->53651 53654 494507 53649->53654 53652 4945b0 53650->53652 53653 494520 53651->53653 53652->53639 53653->53654 53655 4037b8 18 API calls 53653->53655 53654->53647 53656 494543 53655->53656 53657 403778 18 API calls 53656->53657 53658 494574 53657->53658 53659 403634 18 API calls 53658->53659 53659->53644 53660->53634 53662 448955 53661->53662 53672 448998 53661->53672 53663 403494 4 API calls 
53662->53663 53665 448960 53663->53665 53664 4489ac 53667 403400 4 API calls 53664->53667 53669 4037b8 18 API calls 53665->53669 53668 4489df 53667->53668 53668->53654 53670 44897c 53669->53670 53671 4037b8 18 API calls 53670->53671 53671->53672 53672->53664 53673 44852c 53672->53673 53674 403494 4 API calls 53673->53674 53675 448562 53674->53675 53676 4037b8 18 API calls 53675->53676 53677 448574 53676->53677 53678 403778 18 API calls 53677->53678 53679 448595 53678->53679 53680 4037b8 18 API calls 53679->53680 53681 4485ad 53680->53681 53682 403778 18 API calls 53681->53682 53683 4485d8 53682->53683 53684 4037b8 18 API calls 53683->53684 53695 4485f0 53684->53695 53685 448628 53687 403420 4 API calls 53685->53687 53686 4486c3 53690 4486cb GetProcAddress 53686->53690 53691 448708 53687->53691 53688 44864b LoadLibraryExA 53688->53695 53689 44865d LoadLibraryA 53689->53695 53692 4486de 53690->53692 53691->53664 53692->53685 53693 403b80 18 API calls 53693->53695 53694 403450 18 API calls 53694->53695 53695->53685 53695->53686 53695->53688 53695->53689 53695->53693 53695->53694 53697 43da88 18 API calls 53695->53697 53697->53695 53698 416b42 53699 416bea 53698->53699 53700 416b5a 53698->53700 53717 41531c 18 API calls 53699->53717 53702 416b74 SendMessageA 53700->53702 53703 416b68 53700->53703 53713 416bc8 53702->53713 53704 416b72 CallWindowProcA 53703->53704 53705 416b8e 53703->53705 53704->53713 53714 41a058 GetSysColor 53705->53714 53708 416b99 SetTextColor 53709 416bae 53708->53709 53715 41a058 GetSysColor 53709->53715 53711 416bb3 SetBkColor 53716 41a6e0 GetSysColor CreateBrushIndirect 53711->53716 53714->53708 53715->53711 53716->53713 53717->53713 53718 416644 53719 416651 53718->53719 53720 4166ab 53718->53720 53725 416550 CreateWindowExA 53719->53725 53721 416658 SetPropA SetPropA 53721->53720 53722 41668b 53721->53722 53723 41669e SetWindowPos 53722->53723 53723->53720 53725->53721 53726 4222e4 53727 4222f3 53726->53727 53732 421274 53727->53732 53730 
422313 53733 4212e3 53732->53733 53747 421283 53732->53747 53736 4212f4 53733->53736 53757 4124d0 GetMenuItemCount GetMenuStringA GetMenuState 53733->53757 53735 421322 53739 421395 53735->53739 53744 42133d 53735->53744 53736->53735 53738 4213ba 53736->53738 53737 421393 53740 4213e6 53737->53740 53759 421e2c 25 API calls 53737->53759 53738->53737 53742 4213ce SetMenu 53738->53742 53739->53737 53746 4213a9 53739->53746 53760 4211bc 24 API calls 53740->53760 53742->53737 53744->53737 53750 421360 GetMenu 53744->53750 53745 4213ed 53745->53730 53755 4221e8 10 API calls 53745->53755 53749 4213b2 SetMenu 53746->53749 53747->53733 53756 408d2c 33 API calls 53747->53756 53749->53737 53751 421383 53750->53751 53752 42136a 53750->53752 53758 4124d0 GetMenuItemCount GetMenuStringA GetMenuState 53751->53758 53754 42137d SetMenu 53752->53754 53754->53751 53755->53730 53756->53747 53757->53736 53758->53737 53759->53740 53760->53745 53761 480441 53766 451004 53761->53766 53763 480455 53776 47f4f0 53763->53776 53765 480479 53767 451011 53766->53767 53769 451065 53767->53769 53782 408c0c 18 API calls 53767->53782 53770 450e88 InterlockedExchange 53769->53770 53771 451077 53770->53771 53773 45108d 53771->53773 53783 408c0c 18 API calls 53771->53783 53774 4510d0 53773->53774 53784 408c0c 18 API calls 53773->53784 53774->53763 53785 40b3c8 53776->53785 53778 47f55d 53778->53765 53779 4069dc 18 API calls 53780 47f512 53779->53780 53780->53778 53780->53779 53789 4764b4 53780->53789 53782->53769 53783->53773 53784->53774 53786 40b3d3 53785->53786 53787 40b3f3 53786->53787 53805 402678 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53786->53805 53787->53780 53801 47652e 53789->53801 53802 4764e5 53789->53802 53790 476579 53806 451294 53790->53806 53791 451294 35 API calls 53791->53802 53793 451294 35 API calls 53793->53801 53794 476590 53796 403420 4 API calls 53794->53796 53795 4038a4 18 API calls 53795->53802 53798 4765aa 53796->53798 53797 4038a4 18 API calls 53797->53801 
53798->53780 53799 403744 18 API calls 53799->53802 53800 403450 18 API calls 53800->53802 53801->53790 53801->53793 53801->53797 53803 403450 18 API calls 53801->53803 53804 403744 18 API calls 53801->53804 53802->53791 53802->53795 53802->53799 53802->53800 53802->53801 53803->53801 53804->53801 53805->53787 53807 4512a4 53806->53807 53808 4512af 53806->53808 53807->53794 53812 451238 35 API calls 53808->53812 53810 4512ba 53810->53807 53813 408c0c 18 API calls 53810->53813 53812->53810 53813->53807 53814 44b4a8 53815 44b4b6 53814->53815 53817 44b4d5 53814->53817 53816 44b38c 25 API calls 53815->53816 53815->53817 53816->53817 53818 448728 53819 448756 53818->53819 53820 44875d 53818->53820 53823 403400 4 API calls 53819->53823 53821 448771 53820->53821 53824 44852c 21 API calls 53820->53824 53821->53819 53822 403494 4 API calls 53821->53822 53825 44878a 53822->53825 53826 448907 53823->53826 53824->53821 53827 4037b8 18 API calls 53825->53827 53828 4487a6 53827->53828 53829 4037b8 18 API calls 53828->53829 53830 4487c2 53829->53830 53830->53819 53831 4487d6 53830->53831 53832 4037b8 18 API calls 53831->53832 53833 4487f0 53832->53833 53834 431bd0 18 API calls 53833->53834 53835 448812 53834->53835 53836 431ca0 18 API calls 53835->53836 53837 448832 53835->53837 53836->53835 53840 448870 53837->53840 53861 4435d0 18 API calls 53837->53861 53844 448888 53840->53844 53862 4435d0 18 API calls 53840->53862 53841 4488bc GetLastError 53863 4484c0 18 API calls 53841->53863 53850 442334 53844->53850 53845 4488cb 53864 443610 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53845->53864 53847 4488e0 53865 443620 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53847->53865 53849 4488e8 53851 443312 53850->53851 53852 44236d 53850->53852 53854 403400 4 API calls 53851->53854 53853 403400 4 API calls 53852->53853 53855 442375 53853->53855 53856 443327 53854->53856 53857 431bd0 18 API calls 53855->53857 53856->53841 53859 442381 53857->53859 53858 443302 53858->53841 
53859->53858 53866 441a0c 18 API calls 53859->53866 53861->53837 53862->53844 53863->53845 53864->53847 53865->53849 53866->53859 53867 4165ec DestroyWindow 53868 4915e4 53869 49161e 53868->53869 53870 49162a 53869->53870 53871 491620 53869->53871 53873 491639 53870->53873 53874 491662 53870->53874 54064 409098 MessageBeep 53871->54064 53876 446ff8 32 API calls 53873->53876 53879 49169a 53874->53879 53880 491671 53874->53880 53875 403420 4 API calls 53877 491c76 53875->53877 53878 491646 53876->53878 53881 403400 4 API calls 53877->53881 54065 406bb0 53878->54065 53889 4916a9 53879->53889 53890 4916d2 53879->53890 53883 446ff8 32 API calls 53880->53883 53884 491c7e 53881->53884 53886 49167e 53883->53886 54073 406c00 18 API calls 53886->54073 53892 446ff8 32 API calls 53889->53892 53895 4916fa 53890->53895 53896 4916e1 53890->53896 53891 491689 54074 44734c 19 API calls 53891->54074 53894 4916b6 53892->53894 54075 406c34 18 API calls 53894->54075 53903 491709 53895->53903 53904 49172e 53895->53904 54077 407280 19 API calls 53896->54077 53899 4916c1 54076 44734c 19 API calls 53899->54076 53901 4916e9 54078 44734c 19 API calls 53901->54078 53906 446ff8 32 API calls 53903->53906 53909 49173d 53904->53909 53910 491766 53904->53910 53905 491625 53905->53875 53907 491716 53906->53907 53908 4072a8 SetCurrentDirectoryA 53907->53908 53911 49171e 53908->53911 53912 446ff8 32 API calls 53909->53912 53915 49179e 53910->53915 53916 491775 53910->53916 54079 4470d0 19 API calls 53911->54079 53914 49174a 53912->53914 53917 42c804 19 API calls 53914->53917 53923 4917ea 53915->53923 53924 4917ad 53915->53924 53918 446ff8 32 API calls 53916->53918 53919 491755 53917->53919 53920 491782 53918->53920 54080 44734c 19 API calls 53919->54080 54081 4071f8 22 API calls 53920->54081 53929 4917f9 53923->53929 53930 491822 53923->53930 53926 446ff8 32 API calls 53924->53926 53925 49178d 54082 44734c 19 API calls 53925->54082 53928 4917bc 53926->53928 53931 446ff8 32 API calls 53928->53931 
53932 446ff8 32 API calls 53929->53932 53936 49185a 53930->53936 53937 491831 53930->53937 53933 4917cd 53931->53933 53935 491806 53932->53935 54083 4912e8 22 API calls 53933->54083 53939 42c8a4 19 API calls 53935->53939 53946 491869 53936->53946 53947 491892 53936->53947 53940 446ff8 32 API calls 53937->53940 53938 4917d9 54084 44734c 19 API calls 53938->54084 53942 491811 53939->53942 53943 49183e 53940->53943 54085 44734c 19 API calls 53942->54085 53945 42c8cc 19 API calls 53943->53945 53948 491849 53945->53948 53949 446ff8 32 API calls 53946->53949 53952 4918ca 53947->53952 53953 4918a1 53947->53953 54086 44734c 19 API calls 53948->54086 53951 491876 53949->53951 54087 42c8fc 19 API calls 53951->54087 53960 4918d9 53952->53960 53961 491902 53952->53961 53955 446ff8 32 API calls 53953->53955 53958 4918ae 53955->53958 53956 491881 54088 44734c 19 API calls 53956->54088 53959 42c92c 19 API calls 53958->53959 53963 4918b9 53959->53963 53962 446ff8 32 API calls 53960->53962 53967 49194e 53961->53967 53968 491911 53961->53968 53964 4918e6 53962->53964 54089 44734c 19 API calls 53963->54089 53966 42c954 19 API calls 53964->53966 53969 4918f1 53966->53969 53973 49195d 53967->53973 53974 4919a0 53967->53974 53970 446ff8 32 API calls 53968->53970 54090 44734c 19 API calls 53969->54090 53972 491920 53970->53972 53975 446ff8 32 API calls 53972->53975 53976 446ff8 32 API calls 53973->53976 53980 4919af 53974->53980 53981 491a13 53974->53981 53977 491931 53975->53977 53978 491970 53976->53978 54091 42c4f8 19 API calls 53977->54091 53982 446ff8 32 API calls 53978->53982 53985 446ff8 32 API calls 53980->53985 53989 491a52 53981->53989 53990 491a22 53981->53990 53986 491981 53982->53986 53983 49193d 54092 44734c 19 API calls 53983->54092 53987 4919bc 53985->53987 54093 4914e0 26 API calls 53986->54093 54056 42c608 21 API calls 53987->54056 54001 491a91 53989->54001 54002 491a61 53989->54002 53993 446ff8 32 API calls 53990->53993 53992 49198f 54094 44734c 19 API calls 
53992->54094 53996 491a2f 53993->53996 53994 4919ca 53997 4919ce 53994->53997 53998 491a03 53994->53998 54097 452908 Wow64DisableWow64FsRedirection SetLastError Wow64RevertWow64FsRedirection DeleteFileA GetLastError 53996->54097 54000 446ff8 32 API calls 53997->54000 54096 4470d0 19 API calls 53998->54096 54005 4919dd 54000->54005 54011 491ad0 54001->54011 54012 491aa0 54001->54012 54006 446ff8 32 API calls 54002->54006 54004 491a3c 54098 4470d0 19 API calls 54004->54098 54057 452c80 54005->54057 54009 491a6e 54006->54009 54010 452770 5 API calls 54009->54010 54015 491a7b 54010->54015 54020 491b18 54011->54020 54021 491adf 54011->54021 54016 446ff8 32 API calls 54012->54016 54013 491a4d 54013->53905 54014 4919ed 54095 4470d0 19 API calls 54014->54095 54099 4470d0 19 API calls 54015->54099 54019 491aad 54016->54019 54100 452e10 Wow64DisableWow64FsRedirection SetLastError Wow64RevertWow64FsRedirection RemoveDirectoryA GetLastError 54019->54100 54028 491b60 54020->54028 54029 491b27 54020->54029 54023 446ff8 32 API calls 54021->54023 54025 491aee 54023->54025 54024 491aba 54101 4470d0 19 API calls 54024->54101 54027 446ff8 32 API calls 54025->54027 54030 491aff 54027->54030 54034 491b73 54028->54034 54040 491c29 54028->54040 54031 446ff8 32 API calls 54029->54031 54036 447278 19 API calls 54030->54036 54032 491b36 54031->54032 54033 446ff8 32 API calls 54032->54033 54035 491b47 54033->54035 54037 446ff8 32 API calls 54034->54037 54041 447278 19 API calls 54035->54041 54036->53905 54038 491ba0 54037->54038 54039 446ff8 32 API calls 54038->54039 54042 491bb7 54039->54042 54040->53905 54105 446f9c 32 API calls 54040->54105 54041->53905 54102 407ddc 21 API calls 54042->54102 54044 491c42 54045 42e8c8 19 API calls 54044->54045 54046 491c4a 54045->54046 54106 44734c 19 API calls 54046->54106 54049 491bd9 54050 446ff8 32 API calls 54049->54050 54051 491bed 54050->54051 54103 408508 18 API calls 54051->54103 54053 491bf8 54104 44734c 19 API calls 54053->54104 54055 491c04 
54056->53994 54058 452724 2 API calls 54057->54058 54060 452c99 54058->54060 54059 452c9d 54059->54014 54060->54059 54061 452cc1 MoveFileA GetLastError 54060->54061 54062 452760 Wow64RevertWow64FsRedirection 54061->54062 54063 452ce7 54062->54063 54063->54014 54064->53905 54066 406bbf 54065->54066 54067 406be1 54066->54067 54068 406bd8 54066->54068 54070 403778 18 API calls 54067->54070 54069 403400 4 API calls 54068->54069 54071 406bdf 54069->54071 54070->54071 54072 44734c 19 API calls 54071->54072 54072->53905 54073->53891 54074->53905 54075->53899 54076->53905 54077->53901 54078->53905 54079->53905 54080->53905 54081->53925 54082->53905 54083->53938 54084->53905 54085->53905 54086->53905 54087->53956 54088->53905 54089->53905 54090->53905 54091->53983 54092->53905 54093->53992 54094->53905 54095->53905 54096->53905 54097->54004 54098->54013 54099->53905 54100->54024 54101->53905 54102->54049 54103->54053 54104->54055 54105->54044 54106->53905 54107 42e3ef SetErrorMode 54108 441394 54109 44139d 54108->54109 54110 4413ab WriteFile 54108->54110 54109->54110 54111 4413b6 54110->54111 54112 498718 54170 403344 54112->54170 54114 498726 54173 4056a0 54114->54173 54116 49872b 54176 40631c GetModuleHandleA GetProcAddress 54116->54176 54120 498735 54184 40994c 54120->54184 54451 4032fc 54170->54451 54172 403349 GetModuleHandleA GetCommandLineA 54172->54114 54175 4056db 54173->54175 54452 4033bc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54173->54452 54175->54116 54177 406338 54176->54177 54178 40633f GetProcAddress 54176->54178 54177->54178 54179 406355 GetProcAddress 54178->54179 54180 40634e 54178->54180 54181 406364 SetProcessDEPPolicy 54179->54181 54182 406368 54179->54182 54180->54179 54181->54182 54183 4063c4 6F551CD0 54182->54183 54183->54120 54453 409024 54184->54453 54451->54172 54452->54175 54454 408cbc 19 API calls 54453->54454 54455 409035 54454->54455 54456 4085dc GetSystemDefaultLCID 54455->54456 54457 408612 54456->54457 54458 403450 18 API calls 
54457->54458 54459 406dec 19 API calls 54457->54459 54460 408568 19 API calls 54457->54460 54463 408674 54457->54463 54458->54457 54459->54457 54460->54457 54461 406dec 19 API calls 54461->54463 54462 408568 19 API calls 54462->54463 54463->54461 54463->54462 54464 403450 18 API calls 54463->54464 54465 4086f7 54463->54465 54464->54463 54466 403420 4 API calls 54465->54466 54467 408711 54466->54467 54468 408720 GetSystemDefaultLCID 54467->54468 54525 408568 GetLocaleInfoA 54468->54525 54471 403450 18 API calls 54472 408760 54471->54472 54473 408568 19 API calls 54472->54473 54474 408775 54473->54474 54475 408568 19 API calls 54474->54475 54476 408799 54475->54476 54531 4085b4 GetLocaleInfoA 54476->54531 54479 4085b4 GetLocaleInfoA 54480 4087c9 54479->54480 54481 408568 19 API calls 54480->54481 54482 4087e3 54481->54482 54483 4085b4 GetLocaleInfoA 54482->54483 54484 408800 54483->54484 54485 408568 19 API calls 54484->54485 54486 40881a 54485->54486 54487 403450 18 API calls 54486->54487 54526 4085a1 54525->54526 54527 40858f 54525->54527 54529 403494 4 API calls 54526->54529 54528 4034e0 18 API calls 54527->54528 54530 40859f 54528->54530 54529->54530 54530->54471 54532 4085d0 54531->54532 54532->54479 55906 4804db 55907 4804e4 55906->55907 55908 48050f 55906->55908 55907->55908 55909 480501 55907->55909 55912 48054e 55908->55912 56280 47ef88 18 API calls 55908->56280 56278 476770 203 API calls 55909->56278 55911 480572 55919 4805ae 55911->55919 55920 480590 55911->55920 55912->55911 55915 480565 55912->55915 55916 480567 55912->55916 55914 480541 56281 47eff0 56 API calls 55914->56281 55923 47efcc 56 API calls 55915->55923 56282 47f060 56 API calls 55916->56282 55917 480506 55917->55908 56279 408be0 19 API calls 55917->56279 56285 47ee20 38 API calls 55919->56285 55924 4805a5 55920->55924 56283 47eff0 56 API calls 55920->56283 55923->55911 56284 47ee20 38 API calls 55924->56284 55928 4805ac 55929 4805be 55928->55929 55930 4805c4 55928->55930 55931 4805c2 
55929->55931 55934 47efcc 56 API calls 55929->55934 55930->55931 55932 47efcc 56 API calls 55930->55932 56032 47c15c 55931->56032 55932->55931 55934->55931 55935 4805eb 56033 42d898 GetWindowsDirectoryA 56032->56033 56034 47c180 56033->56034 56035 403450 18 API calls 56034->56035 56036 47c18d 56035->56036 56037 42d8c4 GetSystemDirectoryA 56036->56037 56038 47c195 56037->56038 56039 403450 18 API calls 56038->56039 56040 47c1a2 56039->56040 56041 42d8f0 6 API calls 56040->56041 56042 47c1aa 56041->56042 56043 403450 18 API calls 56042->56043 56044 47c1b7 56043->56044 56045 47c1c0 56044->56045 56046 47c1dc 56044->56046 56317 42d208 56045->56317 56048 403400 4 API calls 56046->56048 56050 47c1da 56048->56050 56052 47c221 56050->56052 56053 42c8cc 19 API calls 56050->56053 56051 403450 18 API calls 56051->56050 56297 47bfe4 56052->56297 56055 47c1fc 56053->56055 56057 403450 18 API calls 56055->56057 56059 47c209 56057->56059 56058 403450 18 API calls 56060 47c23d 56058->56060 56059->56052 56062 403450 18 API calls 56059->56062 56061 47c25b 56060->56061 56063 4035c0 18 API calls 56060->56063 56064 47bfe4 22 API calls 56061->56064 56062->56052 56063->56061 56065 47c26a 56064->56065 56066 403450 18 API calls 56065->56066 56067 47c277 56066->56067 56068 47c29f 56067->56068 56069 42c3fc 19 API calls 56067->56069 56070 47c306 56068->56070 56073 47bfe4 22 API calls 56068->56073 56071 47c28d 56069->56071 56072 47c3ce 56070->56072 56077 47c326 SHGetKnownFolderPath 56070->56077 56076 4035c0 18 API calls 56071->56076 56074 47c3d7 56072->56074 56075 47c3f8 56072->56075 56078 47c2b7 56073->56078 56079 42c3fc 19 API calls 56074->56079 56080 42c3fc 19 API calls 56075->56080 56076->56068 56081 47c340 56077->56081 56082 47c37b SHGetKnownFolderPath 56077->56082 56083 403450 18 API calls 56078->56083 56084 47c3e4 56079->56084 56085 47c405 56080->56085 56327 403ba4 21 API calls 56081->56327 56082->56072 56087 47c395 56082->56087 56092 47c2c4 56083->56092 56088 4035c0 18 API calls 
56084->56088 56089 4035c0 18 API calls 56085->56089 56328 403ba4 21 API calls 56087->56328 56090 47c35b CoTaskMemFree 56090->55935 56091 47c2d7 56097 47bfe4 22 API calls 56091->56097 56092->56091 56325 453344 18 API calls 56092->56325 56096 47c3b0 CoTaskMemFree 56096->55935 56278->55917 56280->55914 56281->55912 56282->55911 56283->55924 56284->55928 56285->55928 56298 42de1c RegOpenKeyExA 56297->56298 56299 47c00a 56298->56299 56300 47c030 56299->56300 56301 47c00e 56299->56301 56303 403400 4 API calls 56300->56303 56302 42dd4c 20 API calls 56301->56302 56304 47c01a 56302->56304 56305 47c037 56303->56305 56306 47c025 RegCloseKey 56304->56306 56307 403400 4 API calls 56304->56307 56305->56058 56306->56305 56307->56306 56318 4038a4 18 API calls 56317->56318 56319 42d21b 56318->56319 56320 42d232 GetEnvironmentVariableA 56319->56320 56324 42d245 56319->56324 56329 42dbd0 18 API calls 56319->56329 56320->56319 56321 42d23e 56320->56321 56323 403400 4 API calls 56321->56323 56323->56324 56324->56051 56325->56091 56327->56090 56328->56096 56329->56319 57792 40cc34 57795 406f10 WriteFile 57792->57795 57796 406f2d 57795->57796 57797 41ee54 57798 41ee63 IsWindowVisible 57797->57798 57799 41ee99 57797->57799 57798->57799 57800 41ee6d IsWindowEnabled 57798->57800 57800->57799 57801 41ee77 57800->57801 57802 402648 18 API calls 57801->57802 57803 41ee81 EnableWindow 57802->57803 57803->57799 57804 41fb58 57805 41fb61 57804->57805 57808 41fdfc 57805->57808 57807 41fb6e 57809 41feee 57808->57809 57810 41fe13 57808->57810 57809->57807 57810->57809 57829 41f9bc GetWindowLongA GetSystemMetrics GetSystemMetrics GetWindowLongA 57810->57829 57812 41fe49 57813 41fe73 57812->57813 57814 41fe4d 57812->57814 57839 41f9bc GetWindowLongA GetSystemMetrics GetSystemMetrics GetWindowLongA 57813->57839 57830 41fb9c 57814->57830 57818 41fe81 57820 41fe85 57818->57820 57821 41feab 57818->57821 57819 41fb9c 10 API calls 57823 41fe71 57819->57823 57824 41fb9c 10 API calls 57820->57824 57822 41fb9c 
10 API calls 57821->57822 57825 41febd 57822->57825 57823->57807 57826 41fe97 57824->57826 57827 41fb9c 10 API calls 57825->57827 57828 41fb9c 10 API calls 57826->57828 57827->57823 57828->57823 57829->57812 57831 41fbb7 57830->57831 57832 41fbcd 57831->57832 57833 41f93c 4 API calls 57831->57833 57840 41f93c 57832->57840 57833->57832 57835 41fc15 57836 41fc38 SetScrollInfo 57835->57836 57848 41fa9c 57836->57848 57839->57818 57841 4181e0 57840->57841 57842 41f959 GetWindowLongA 57841->57842 57843 41f996 57842->57843 57844 41f976 57842->57844 57860 41f8c8 GetWindowLongA GetSystemMetrics GetSystemMetrics 57843->57860 57859 41f8c8 GetWindowLongA GetSystemMetrics GetSystemMetrics 57844->57859 57847 41f982 57847->57835 57849 41faaa 57848->57849 57850 41fab2 57848->57850 57849->57819 57851 41faef 57850->57851 57852 41faf1 57850->57852 57853 41fae1 57850->57853 57855 41fb31 GetScrollPos 57851->57855 57862 417e48 IsWindowVisible ScrollWindow SetWindowPos 57852->57862 57861 417e48 IsWindowVisible ScrollWindow SetWindowPos 57853->57861 57855->57849 57857 41fb3c 57855->57857 57858 41fb4b SetScrollPos 57857->57858 57858->57849 57859->57847 57860->57847 57861->57851 57862->57851 57863 420598 57864 4205ab 57863->57864 57884 415b30 57864->57884 57866 4206f2 57867 420709 57866->57867 57891 4146d4 KiUserCallbackDispatcher 57866->57891 57871 420720 57867->57871 57892 414718 KiUserCallbackDispatcher 57867->57892 57868 420651 57889 420848 34 API calls 57868->57889 57869 4205e6 57869->57866 57869->57868 57877 420642 MulDiv 57869->57877 57874 420742 57871->57874 57893 420060 12 API calls 57871->57893 57875 42066a 57875->57866 57890 420060 12 API calls 57875->57890 57888 41a304 19 API calls 57877->57888 57880 420687 57881 4206a3 MulDiv 57880->57881 57882 4206c6 57880->57882 57881->57882 57882->57866 57883 4206cf MulDiv 57882->57883 57883->57866 57885 415b42 57884->57885 57894 414470 57885->57894 57887 415b5a 57887->57869 57888->57868 57889->57875 57890->57880 57891->57867 57892->57871 
control_flow_graph (continued from the preceding function; interactive graph serialization omitted). Node addresses 0x403400-0x424b8c; API calls recorded on graph nodes: LocalAlloc, TlsSetValue, TlsGetValue, SetWindowLongA, GetWindowLongA, SetPropA, IsIconic, IsWindowEnabled, IsWindowVisible, SendMessageA, PostMessageA, PostQuitMessage, GetFocus, SetFocus, NtdllDefWindowProc_A, WinHelpA, GetCurrentThreadId, EnumThreadWindows, EnumWindows, GetWindow, SetWindowPos, ShowWindow.
                                                                                        Strings
                                                                                        • InUn, xrefs: 00470FD3
                                                                                        • -- File entry --, xrefs: 0047056F
                                                                                        • Couldn't read time stamp. Skipping., xrefs: 00470BA9
                                                                                        • Same time stamp. Skipping., xrefs: 00470BC9
                                                                                        • Existing file is protected by Windows File Protection. Skipping., xrefs: 00470C60
                                                                                        • User opted not to overwrite the existing file. Skipping., xrefs: 00470CC1
                                                                                        • Failed to strip read-only attribute., xrefs: 00470D47
                                                                                        • , xrefs: 00470A43, 00470C14, 00470C92
                                                                                        • Version of our file: (none), xrefs: 00470970
                                                                                        • Version of our file: %u.%u.%u.%u, xrefs: 00470964
                                                                                        • .tmp, xrefs: 00470E2B
                                                                                        • Stripped read-only attribute., xrefs: 00470D3B
                                                                                        • Time stamp of existing file: %s, xrefs: 0047089F
                                                                                        • Will register the file (a type library) later., xrefs: 00471387
                                                                                        • Failed to read existing file's SHA-1 hash. Proceeding., xrefs: 00470B44
                                                                                        • @, xrefs: 00470624
                                                                                        • Existing file is a newer version. Skipping., xrefs: 00470A76
                                                                                        • Incrementing shared file count (32-bit)., xrefs: 00471419
                                                                                        • Time stamp of existing file: (failed to read), xrefs: 004708AB
                                                                                        • Dest file exists., xrefs: 0047082F
                                                                                        • Incrementing shared file count (64-bit)., xrefs: 00471400
                                                                                        • Version of existing file: (none), xrefs: 00470B6E
                                                                                        • Same version. Skipping., xrefs: 00470B59
                                                                                        • Existing file's SHA-1 hash is different from our file. Proceeding., xrefs: 00470B38
                                                                                        • Dest file is protected by Windows File Protection., xrefs: 00470761
                                                                                        • Skipping due to "onlyifdestfileexists" flag., xrefs: 00470D6E
                                                                                        • Skipping due to "onlyifdoesntexist" flag., xrefs: 00470842
                                                                                        • Dest filename: %s, xrefs: 00470708
                                                                                        • Installing into GAC, xrefs: 00471588
                                                                                        • Uninstaller requires administrator: %s, xrefs: 00471003
                                                                                        • User opted not to strip the existing file's read-only attribute. Skipping., xrefs: 00470D0A
                                                                                        • Existing file's SHA-1 hash matches our file. Skipping., xrefs: 00470B29
                                                                                        • Existing file has a later time stamp. Skipping., xrefs: 00470C43
                                                                                        • Version of existing file: %u.%u.%u.%u, xrefs: 004709F0
                                                                                        • Non-default bitness: 64-bit, xrefs: 00470723
                                                                                        • Time stamp of our file: %s, xrefs: 0047080F
                                                                                        • Non-default bitness: 32-bit, xrefs: 0047072F
                                                                                        • Installing the file., xrefs: 00470D7D
                                                                                        • Time stamp of our file: (failed to read), xrefs: 0047081B
                                                                                        • Will register the file (a DLL/OCX) later., xrefs: 00471393
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $-- File entry --$.tmp$@$Couldn't read time stamp. Skipping.$Dest file exists.$Dest file is protected by Windows File Protection.$Dest filename: %s$Existing file has a later time stamp. Skipping.$Existing file is a newer version. Skipping.$Existing file is protected by Windows File Protection. Skipping.$Existing file's SHA-1 hash is different from our file. Proceeding.$Existing file's SHA-1 hash matches our file. Skipping.$Failed to read existing file's SHA-1 hash. Proceeding.$Failed to strip read-only attribute.$InUn$Incrementing shared file count (32-bit).$Incrementing shared file count (64-bit).$Installing into GAC$Installing the file.$Non-default bitness: 32-bit$Non-default bitness: 64-bit$Same time stamp. Skipping.$Same version. Skipping.$Skipping due to "onlyifdestfileexists" flag.$Skipping due to "onlyifdoesntexist" flag.$Stripped read-only attribute.$Time stamp of existing file: %s$Time stamp of existing file: (failed to read)$Time stamp of our file: %s$Time stamp of our file: (failed to read)$Uninstaller requires administrator: %s$User opted not to overwrite the existing file. Skipping.$User opted not to strip the existing file's read-only attribute. Skipping.$Version of existing file: %u.%u.%u.%u$Version of existing file: (none)$Version of our file: %u.%u.%u.%u$Version of our file: (none)$Will register the file (a DLL/OCX) later.$Will register the file (a type library) later.
                                                                                        • API String ID: 0-4021121268
                                                                                        • Opcode ID: 9d68f8344ce4977df8583e247318b1194b32105c4f4fc62b9f0a4044c1636d2c
                                                                                        • Instruction ID: b563e12d89f4af072a7005ff78b426759e5259748c8527a90f65f129335a0b73
                                                                                        • Opcode Fuzzy Hash: 9d68f8344ce4977df8583e247318b1194b32105c4f4fc62b9f0a4044c1636d2c
                                                                                        • Instruction Fuzzy Hash: 0B925234A0424CDFDB11DFA9C485BDDBBB5AF05308F1480ABE848A7392D778AE45CB59

                                                                                        Control-flow Graph
                                                                                        • control_flow_graph 42e09c-42e28f (interactive graph serialization omitted; executed/not-executed colouring is not recoverable from the text). API calls on graph nodes: AllocateAndInitializeSid, GetVersion, GetModuleHandleA, GetProcAddress, CheckTokenMembership, GetCurrentThread, OpenThreadToken, GetLastError, GetCurrentProcess, OpenProcessToken, GetTokenInformation, EqualSid, CloseHandle, FreeSid; internal subcalls: 402648, 4031bc, 402660.
                                                                                        APIs
                                                                                        • AllocateAndInitializeSid.ADVAPI32(00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0D6
                                                                                        • GetVersion.KERNEL32(00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0F3
                                                                                        • GetModuleHandleA.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E10C
                                                                                        • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042E112
                                                                                        • CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E127
                                                                                        • FreeSid.ADVAPI32(00000000,0042E287,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E27A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressAllocateCheckFreeHandleInitializeMembershipModuleProcTokenVersion
                                                                                        • String ID: 1{I$CheckTokenMembership$advapi32.dll
                                                                                        • API String ID: 2252812187-4020693264
                                                                                        • Opcode ID: 99385c8667cd0eb2f7e8a761a457fbfbdd7e71a8091fdfbf45cde5befae85eff
                                                                                        • Instruction ID: e5677345bf142a8b1d9111380f95962c8bb8cf61ba8e960ca5c3fd0f127139eb
                                                                                        • Opcode Fuzzy Hash: 99385c8667cd0eb2f7e8a761a457fbfbdd7e71a8091fdfbf45cde5befae85eff
                                                                                        • Instruction Fuzzy Hash: E351A271B44215EEEB10EAE69C42BBF77ACEB09704F9404BBB901F7281D57C99018B79

                                                                                        Control-flow Graph
                                                                                        • control_flow_graph 4502c0-450386 (interactive graph serialization omitted; executed/not-executed colouring is not recoverable from the text). API calls on graph nodes: GetVersion, LoadLibraryA, GetProcAddress (6 calls).
                                                                                        APIs
                                                                                        • GetVersion.KERNEL32(00480636), ref: 004502D3
                                                                                        • LoadLibraryA.KERNEL32(Rstrtmgr.dll,00480636), ref: 004502EB
                                                                                        • GetProcAddress.KERNEL32(6E350000,RmStartSession), ref: 00450309
                                                                                        • GetProcAddress.KERNEL32(6E350000,RmRegisterResources), ref: 0045031E
                                                                                        • GetProcAddress.KERNEL32(6E350000,RmGetList), ref: 00450333
                                                                                        • GetProcAddress.KERNEL32(6E350000,RmShutdown), ref: 00450348
                                                                                        • GetProcAddress.KERNEL32(6E350000,RmRestart), ref: 0045035D
                                                                                        • GetProcAddress.KERNEL32(6E350000,RmEndSession), ref: 00450372
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$LibraryLoadVersion
                                                                                        • String ID: RmEndSession$RmGetList$RmRegisterResources$RmRestart$RmShutdown$RmStartSession$Rstrtmgr.dll
                                                                                        • API String ID: 1968650500-3419246398
                                                                                        • Opcode ID: 2681632e5309952c30eea3f8c2bf2722b4339596373eceda0d07b93e3cd0d7e4
                                                                                        • Instruction ID: c77cef2ad5653e61b65a4477cbb73d0d56cf7b8a9d174f96be3e9b6947252677
                                                                                        • Opcode Fuzzy Hash: 2681632e5309952c30eea3f8c2bf2722b4339596373eceda0d07b93e3cd0d7e4
                                                                                        • Instruction Fuzzy Hash: B211F7B4510301DBD710FB61BF45A2E36E9E728315B08063FE804961A2CB7C4844CF8C

                                                                                        Control-flow Graph
                                                                                        • control_flow_graph 423c0c-424177 (interactive graph serialization omitted; executed/not-executed colouring is not recoverable from the text). API calls on graph nodes: IsIconic, GetFocus, SetFocus, SendMessageA, PostMessageA, IsWindowEnabled, IsWindowVisible; internal subcalls: 423b68, 40b24c, 424194, 4181e0, 423b84, 424850, 4241dc, 41eff4, 4244d4, 42452c, 404e54, 423b14, 424178, 423a84, 423bc0, 41ef58, 41eea4, 412310, 422c4c, 415240.
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b9e250b99cf182ccbef41989ebe76349b30642d984367dffe3cd9cb4059d0181
                                                                                        • Instruction ID: afb4f91cf4018cf9acc1c9974f14325182323c15c0e0405bd0f9b005e596376e
                                                                                        • Opcode Fuzzy Hash: b9e250b99cf182ccbef41989ebe76349b30642d984367dffe3cd9cb4059d0181
                                                                                        • Instruction Fuzzy Hash: 03E1AE31700124EFDB04DF69E989AADB7B5FB54300FA440AAE5559B352C73CEE81DB09
                                                                                        APIs
                                                                                          • Part of subcall function 0049543C: GetWindowRect.USER32(00000000), ref: 00495452
                                                                                        • LoadBitmapA.USER32(00400000,STOPIMAGE), ref: 004675E7
                                                                                          • Part of subcall function 0041D6B0: GetObjectA.GDI32(?,00000018,00467601), ref: 0041D6DB
                                                                                          • Part of subcall function 00466FF4: SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467097
                                                                                          • Part of subcall function 00466FF4: ExtractIconA.SHELL32(00400000,00000000,?), ref: 004670BD
                                                                                          • Part of subcall function 00466FF4: ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 00467114
                                                                                          • Part of subcall function 004669B4: KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,0046769C,00000000,00000000,00000000,0000000C,00000000), ref: 004669CC
                                                                                          • Part of subcall function 004956C0: MulDiv.KERNEL32(0000000D,?,0000000D), ref: 004956CA
                                                                                          • Part of subcall function 0042ED38: GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA8
                                                                                          • Part of subcall function 0042ED38: SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDC5
                                                                                          • Part of subcall function 0049538C: GetDC.USER32(00000000), ref: 004953AE
                                                                                          • Part of subcall function 0049538C: SelectObject.GDI32(?,00000000), ref: 004953D4
                                                                                          • Part of subcall function 0049538C: ReleaseDC.USER32(00000000,?), ref: 00495425
                                                                                          • Part of subcall function 004956B0: MulDiv.KERNEL32(0000004B,?,00000006), ref: 004956BA
                                                                                        • GetSystemMenu.USER32(00000000,00000000,0000000C,00000000,00000000,00000000,00000000,0217FAD8,02181838,?,?,02181868,?,?,021818B8,?), ref: 00468271
                                                                                        • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 00468282
                                                                                        • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 0046829A
                                                                                          • Part of subcall function 0042A05C: SendMessageA.USER32(00000000,0000014E,00000000,00000000), ref: 0042A072
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Menu$AppendExtractIconObject$AddressAutoBitmapCallbackCompleteDispatcherFileInfoLoadMessageProcRectReleaseSelectSendSystemUserWindow
                                                                                        • String ID: $(Default)$STOPIMAGE
                                                                                        • API String ID: 3231140908-770201673
                                                                                        • Opcode ID: d8aa18b457e06c76cf1710bd301156fff42577b8956d306d2f0c8863d05d0704
                                                                                        • Instruction ID: 95164e1e617b107b44698f642e4cc1154f551ad52f4085116ed94e07ec8bca55
                                                                                        • Opcode Fuzzy Hash: d8aa18b457e06c76cf1710bd301156fff42577b8956d306d2f0c8863d05d0704
                                                                                        • Instruction Fuzzy Hash: BEF2C6786005148FCB00EB59D9D9F9973F1BF49304F1542BAE9049B36ADB74EC4ACB8A
                                                                                        APIs
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,00474F66,?,?,0049C1DC,00000000), ref: 00474E55
                                                                                        • FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,00474F66,?,?,0049C1DC,00000000), ref: 00474F32
                                                                                        • FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,00474F66,?,?,0049C1DC,00000000), ref: 00474F40
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                        • String ID: unins$unins???.*
                                                                                        • API String ID: 3541575487-1009660736
                                                                                        • Opcode ID: 5e576b03208d2e259677c02318acd6f2ad4d278db2359f1cb77b12eb5b061527
                                                                                        • Instruction ID: 31c653d7bd6b2cf4ad5ba67a359891eda5ad6ed959604e3cb46055c530bb22dc
                                                                                        • Opcode Fuzzy Hash: 5e576b03208d2e259677c02318acd6f2ad4d278db2359f1cb77b12eb5b061527
                                                                                        • Instruction Fuzzy Hash: 2A313370A001089FCB10EF65D991ADEB7A9DF85318F51C4B6F80CA76A2DB389F418B58
                                                                                        APIs
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,00452AC3,?,?,-00000001,00000000), ref: 00452A9D
                                                                                        • GetLastError.KERNEL32(00000000,?,00000000,00452AC3,?,?,-00000001,00000000), ref: 00452AA5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileFindFirstLast
                                                                                        • String ID:
                                                                                        • API String ID: 873889042-0
                                                                                        • Opcode ID: 9c675a8f1f28b386d0fa8c71b8ecb41695e84785a8bb79b0d9bc0322d07a8b6a
                                                                                        • Instruction ID: 3e58272229af866f17ac5928e9872a720c3be2d4903e778e839a846eb7d55d53
                                                                                        • Opcode Fuzzy Hash: 9c675a8f1f28b386d0fa8c71b8ecb41695e84785a8bb79b0d9bc0322d07a8b6a
                                                                                        • Instruction Fuzzy Hash: 94F0F971A04604AB8B10EF669D4149EF7ACEB8672571046BBFC14E3282DAB84E0485A8
                                                                                        APIs
                                                                                        • GetVersion.KERNEL32(?,0046DFEE), ref: 0046DF62
                                                                                        • CoCreateInstance.OLE32(00499B84,00000000,00000001,00499B94,?,?,0046DFEE), ref: 0046DF7E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateInstanceVersion
                                                                                        • String ID:
                                                                                        • API String ID: 1462612201-0
                                                                                        • Opcode ID: 590230f93a95ca5811c62fe34acfb8e2c0307c22a832fa8ed403bfd539588e2d
                                                                                        • Instruction ID: 3442edb0ea1fabc64a92ad6c3e34ff78e3c28f6093e8310d9e86ee8e53d0260d
                                                                                        • Opcode Fuzzy Hash: 590230f93a95ca5811c62fe34acfb8e2c0307c22a832fa8ed403bfd539588e2d
                                                                                        • Instruction Fuzzy Hash: 4EF0A031B85200DEEB14A7A9DC45B463BD4BB24328F04007BF0448B295E3AC9850861F
                                                                                        APIs
                                                                                        • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoLocale
                                                                                        • String ID:
                                                                                        • API String ID: 2299586839-0
                                                                                        • Opcode ID: 64da881718ef9bfb5c3691e8182369eeaf442f2681d4624e7b5adc518b999176
                                                                                        • Instruction ID: 8daab3ef8e56b0da8b8c23f45c5b5388ad46b50bd825570c2d348c61856efc62
                                                                                        • Opcode Fuzzy Hash: 64da881718ef9bfb5c3691e8182369eeaf442f2681d4624e7b5adc518b999176
                                                                                        • Instruction Fuzzy Hash: BFE0223170021466C311AA2A9C86AEAB34C9758310F00427FB904E73C2EDB89E4042A8
                                                                                        APIs
                                                                                        • NtdllDefWindowProc_A.USER32(?,?,?,?,?,00424151,?,00000000,0042415C), ref: 00423BAE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: NtdllProc_Window
                                                                                        • String ID:
                                                                                        • API String ID: 4255912815-0
                                                                                        • Opcode ID: 03c86555d74cd6010afd77b9e61a524e96c156e733cd5bd8e2feacc4387cef90
                                                                                        • Instruction ID: a748582893d7571d6ac8bdbe819d0a8fbf5f36db2d3505b6f19a51c7a0bbae16
                                                                                        • Opcode Fuzzy Hash: 03c86555d74cd6010afd77b9e61a524e96c156e733cd5bd8e2feacc4387cef90
                                                                                        • Instruction Fuzzy Hash: 47F0B979205608AF8B40DF99C588D4ABBE8AB4C260B058195B988CB321C234ED808F90
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: NameUser
                                                                                        • String ID:
                                                                                        • API String ID: 2645101109-0
                                                                                        • Opcode ID: 969018677e36c7ee3cac7a31a88a81c68082f6a067fe28717e4d5eb0c099a74a
                                                                                        • Instruction ID: 9f318ec9847dd9a6abcb639c8bc611599857aea0b867fcad4bfaeec6bdb042bf
                                                                                        • Opcode Fuzzy Hash: 969018677e36c7ee3cac7a31a88a81c68082f6a067fe28717e4d5eb0c099a74a
                                                                                        • Instruction Fuzzy Hash: 8FD0C27230470473CB00AA689C825AA35CD8B84305F00483E3CC5DA2C3FABDDA485756
                                                                                        APIs
                                                                                        • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042F53C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: NtdllProc_Window
                                                                                        • String ID:
                                                                                        • API String ID: 4255912815-0
                                                                                        • Opcode ID: 9e43cbcd657a147b44e82c26281af1c584f356d37a2e763e4ec43db1fd6d4cd6
                                                                                        • Instruction ID: 7ca9c19e24a5def9c493c34941f9da96f9ca037215ec7a65a90973bf7a04e639
                                                                                        • Opcode Fuzzy Hash: 9e43cbcd657a147b44e82c26281af1c584f356d37a2e763e4ec43db1fd6d4cd6
                                                                                        • Instruction Fuzzy Hash: FCD09E7120011D7B9B00DE99E840D6B33AD9B88710B909925F945D7642D634ED9197A5

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 844 46eecc-46eefe 845 46ef00-46ef07 844->845 846 46ef1b 844->846 847 46ef12-46ef19 845->847 848 46ef09-46ef10 845->848 849 46ef22-46ef5a call 403634 call 403738 call 42dec0 846->849 847->849 848->846 848->847 856 46ef75-46ef9e call 403738 call 42dde4 849->856 857 46ef5c-46ef70 call 403738 call 42dec0 849->857 865 46efa0-46efa9 call 46eb9c 856->865 866 46efae-46efd7 call 46ecb8 856->866 857->856 865->866 870 46efe9-46efec call 403400 866->870 871 46efd9-46efe7 call 403494 866->871 874 46eff1-46f03c call 46ecb8 call 42c3fc call 46ed00 call 46ecb8 870->874 871->874 884 46f052-46f073 call 45559c call 46ecb8 874->884 885 46f03e-46f051 call 46ed28 874->885 892 46f075-46f0c8 call 46ecb8 call 431404 call 46ecb8 call 431404 call 46ecb8 884->892 893 46f0c9-46f0d0 884->893 885->884 892->893 895 46f0d2-46f10f call 431404 call 46ecb8 call 431404 call 46ecb8 893->895 896 46f110-46f117 893->896 895->896 899 46f158-46f17d call 40b24c call 46ecb8 896->899 900 46f119-46f157 call 46ecb8 * 3 896->900 918 46f17f-46f18a call 47bd90 899->918 919 46f18c-46f195 call 403494 899->919 900->899 929 46f19a-46f1a5 call 478924 918->929 919->929 934 46f1a7-46f1ac 929->934 935 46f1ae 929->935 936 46f1b3-46f37d call 403778 call 46ecb8 call 47bd90 call 46ed00 call 403494 call 40357c * 2 call 46ecb8 call 403494 call 40357c * 2 call 46ecb8 call 47bd90 call 46ed00 call 47bd90 call 46ed00 call 47bd90 call 46ed00 call 47bd90 call 46ed00 call 47bd90 call 46ed00 call 47bd90 call 46ed00 call 47bd90 call 46ed00 call 47bd90 call 46ed00 call 47bd90 call 46ed00 call 47bd90 934->936 935->936 999 46f393-46f3a1 call 46ed28 936->999 1000 46f37f-46f391 call 46ecb8 936->1000 1004 46f3a6 999->1004 1005 46f3a7-46f3f0 call 46ed28 call 46ed5c call 46ecb8 call 47bd90 call 46edc0 1000->1005 1004->1005 1016 46f416-46f423 1005->1016 1017 46f3f2-46f415 call 46ed28 * 2 1005->1017 1019 46f4f2-46f4f9 1016->1019 1020 
46f429-46f430 1016->1020 1017->1016 1024 46f553-46f569 RegCloseKey 1019->1024 1025 46f4fb-46f531 call 49485c 1019->1025 1022 46f432-46f439 1020->1022 1023 46f49d-46f4ac 1020->1023 1022->1023 1028 46f43b-46f45f call 430bcc 1022->1028 1027 46f4af-46f4bc 1023->1027 1025->1024 1032 46f4d3-46f4ec call 430c08 call 46ed28 1027->1032 1033 46f4be-46f4cb 1027->1033 1028->1027 1039 46f461-46f462 1028->1039 1042 46f4f1 1032->1042 1033->1032 1035 46f4cd-46f4d1 1033->1035 1035->1019 1035->1032 1041 46f464-46f48a call 40b24c call 479150 1039->1041 1047 46f497-46f499 1041->1047 1048 46f48c-46f492 call 430bcc 1041->1048 1042->1019 1047->1041 1050 46f49b 1047->1050 1048->1047 1050->1027
                                                                                        APIs
                                                                                          • Part of subcall function 0046ECB8: RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,00475FFE,?,0049C1DC,?,0046EFCF,?,00000000,0046F56A,?,_is1), ref: 0046ECDB
                                                                                          • Part of subcall function 0046ED28: RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F3A6,?,?,00000000,0046F56A,?,_is1,?), ref: 0046ED3B
                                                                                        • RegCloseKey.ADVAPI32(?,0046F571,?,_is1,?,Software\Microsoft\Windows\CurrentVersion\Uninstall\,00000000,0046F5BC,?,?,0049C1DC,00000000), ref: 0046F564
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$Close
                                                                                        • String ID: " /SILENT$5.5.2 (a)$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EstimatedSize$HelpLink$HelpTelephone$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: Language$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: Setup Version$Inno Setup: User$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$InstallDate$InstallLocation$MajorVersion$MinorVersion$ModifyPath$NoModify$NoRepair$Publisher$QuietUninstallString$Readme$RegisterPreviousData$Software\Microsoft\Windows\CurrentVersion\Uninstall\$URLInfoAbout$URLUpdateInfo$UninstallString$_is1
                                                                                        • API String ID: 3391052094-2734025597
                                                                                        • Opcode ID: 4b47327b70ee27fc59f023ce9095d4925cbd7ad973a1f437070c8b1580be5bb7
                                                                                        • Instruction ID: 41df9594f94a3a106a445eb875b77748a5d5020e54387338891d7450c5044d2a
                                                                                        • Opcode Fuzzy Hash: 4b47327b70ee27fc59f023ce9095d4925cbd7ad973a1f437070c8b1580be5bb7
                                                                                        • Instruction Fuzzy Hash: CF123335A00109AFDB04EF55E981ADE73F5EB48304F60847BE840AB396EB78AD45CB5D
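The block above records the setup stub writing its own uninstall entry: RegSetValueExA calls whose value names ("Inno Setup: Setup Version", "NoModify"), the "5.5.2 (a)" string stored beside them, the "Software\Microsoft\Windows\CurrentVersion\Uninstall\" path and the "_is1" suffix identify an Inno Setup 5.5.2 (a) stub registering under Uninstall\<AppId>_is1 (HKLM, or HKCU for a per-user install). The Python below is an added example and is not part of the Joe Sandbox report or of the sample: it parses the report's "APIs" bullets into structured call records and derives from them the registry key and value names a responder should check on a suspected host. The `ApiCall` record, the `parse_api_lines` and `inno_uninstall_indicators` functions and the line regex are my own assumed shapes; the embedded sample bullets are copied from this report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One "APIs" bullet of a Joe Sandbox disassembly block. Two shapes occur on the page:
#   • RegCloseKey.ADVAPI32(?,0046F571,...), ref: 0046F564
#   • Part of subcall function 0046ED28: RegSetValueExA.ADVAPI32(?,NoModify,...), ref: 0046ED3B
# (assumed format, derived from the bullets visible in this report)
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<func>\w+)\.(?P<mod>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Registry path under which the stub registers its uninstaller; the "_is1" key suffix and
# the "Inno Setup: ..." value names appear in the report's String ID line.
UNINSTALL_KEY = r"Software\Microsoft\Windows\CurrentVersion\Uninstall"


@dataclass(frozen=True)
class ApiCall:
    func: str               # API name as resolved by the sandbox, e.g. RegSetValueExA
    module: str             # exporting module, e.g. ADVAPI32
    args: tuple             # arguments as the report prints them ("?" = unresolved)
    ref: int                # address of the call site
    subcall: Optional[int]  # callee address when the bullet is a "Part of subcall" entry


def parse_api_lines(text: str) -> List[ApiCall]:
    """Turn the APIs bullets of one block into ApiCall records; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        sub = m.group("sub")
        calls.append(ApiCall(
            func=m.group("func"),
            module=m.group("mod"),
            args=tuple(m.group("args").split(",")),
            ref=int(m.group("ref"), 16),
            subcall=int(sub, 16) if sub else None,
        ))
    return calls


def inno_uninstall_indicators(calls: List[ApiCall]) -> dict:
    """Summarise what the calls reveal about the uninstall registry entry the stub writes.

    RegSetValueExA's second argument is the value name. Any ADVAPI32 argument starting with
    the Uninstall path, together with the "_is1" suffix appended to the AppId, marks the
    ...\\Uninstall\\<AppId>_is1 key to look for on a host.
    """
    value_names = sorted({
        c.args[1] for c in calls
        if c.func.startswith("RegSetValueEx") and len(c.args) > 1 and c.args[1] != "?"
    })
    uninstall_key = any(
        a.startswith(UNINSTALL_KEY)
        for c in calls if c.module == "ADVAPI32" for a in c.args
    )
    is1_suffix = any(a.endswith("_is1") for c in calls for a in c.args)
    return {
        "value_names": value_names,
        "uninstall_key": uninstall_key,
        "is1_suffix": is1_suffix,
        "inno_setup_stub": uninstall_key and is1_suffix
        and any(v.startswith("Inno Setup:") for v in value_names),
    }


# Constructed input: API bullets copied verbatim from this report's disassembly blocks.
SAMPLE_APIS = r"""
• Part of subcall function 0046ECB8: RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,00475FFE,?,0049C1DC,?,0046EFCF,?,00000000,0046F56A,?,_is1), ref: 0046ECDB
• Part of subcall function 0046ED28: RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F3A6,?,?,00000000,0046F56A,?,_is1,?), ref: 0046ED3B
• RegCloseKey.ADVAPI32(?,0046F571,?,_is1,?,Software\Microsoft\Windows\CurrentVersion\Uninstall\,00000000,0046F5BC,?,?,0049C1DC,00000000), ref: 0046F564
• Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
• GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483594
"""

if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE_APIS)
    for call in parsed:
        print(f"{call.ref:08X} {call.module}!{call.func}({len(call.args)} args)")
    print(inno_uninstall_indicators(parsed))
```

The summary deliberately keys on the combination of the Uninstall path, the "_is1" suffix and an "Inno Setup:" value name: any one of them alone is common to every Inno Setup installer, so on a live host the useful follow-up is to read the `UninstallString`, `QuietUninstallString` and `Inno Setup: App Path` values of the matching `_is1` key and verify where the installed files actually went.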

                                                                                         Control-flow Graph
                                                                                         • Graph of the function at 0x4923a8 (rendered graph not recoverable as text): basic blocks span 0x4923a8-0x49289c; one branch per upper-case name in the String ID list below, the branches calling Sleep, FindWindowA (twice), SendMessageA (twice), PostMessageA (twice), SendNotifyMessageA (twice), RegisterClipboardFormatA, GetLastError, GetProcAddress, FreeLibrary, CreateMutexA, OemToCharBuffA and CharToOemBuffA.
                                                                                        APIs
                                                                                        • Sleep.KERNEL32(00000000,00000000,0049289D,?,?,?,?,00000000,00000000,00000000), ref: 004923E8
                                                                                        • FindWindowA.USER32(00000000,00000000), ref: 00492419
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FindSleepWindow
                                                                                        • String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
                                                                                        • API String ID: 3078808852-3310373309
                                                                                        • Opcode ID: fc65408302e00bfaa9df3cfa690acb5bb30b22ebaabf7b5c0919dab2d319a526
                                                                                        • Instruction ID: 9f3505894e5a6fd9d1366d4270c7319e33b1617852d99992837f934410b553a1
                                                                                        • Opcode Fuzzy Hash: fc65408302e00bfaa9df3cfa690acb5bb30b22ebaabf7b5c0919dab2d319a526
                                                                                        • Instruction Fuzzy Hash: 0CC182A0B042413BDB14FF3E9D4151F59A99B94708B118A3FB446EB38BCE7DED0A4399

                                                                                         Control-flow Graph
                                                                                         • Graph of the function at 0x483560 (rendered graph not recoverable as text): basic blocks span 0x483560-0x483636; calls GetModuleHandleA, GetProcAddress, GetNativeSystemInfo, GetCurrentProcess and GetSystemInfo, with GetSystemInfo taken as the fallback when GetNativeSystemInfo cannot be resolved (the names resolved through GetProcAddress are listed under APIs below).
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00483571
                                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0048357E
                                                                                        • GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 0048358C
                                                                                        • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483594
                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 004835A0
                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 004835C1
                                                                                        • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 004835D4
                                                                                        • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 004835DA
                                                                                        • GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 004835F1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
                                                                                        • String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
                                                                                        • API String ID: 2230631259-2623177817
                                                                                        • Opcode ID: ecd875b9fed982c6964d0a5895b6aed5fdd9f377785afaacdd435e2d250d9586
                                                                                        • Instruction ID: 55e3f4d73e57614863bf74929b0f0177a2d28665cd9645ad6096ae2f13a54172
                                                                                        • Opcode Fuzzy Hash: ecd875b9fed982c6964d0a5895b6aed5fdd9f377785afaacdd435e2d250d9586
                                                                                        • Instruction Fuzzy Hash: D6113D81549782B4DA21BB7D8D5AB6F1A888B10F5AF140C3B7C40753C2E96DCE458B6E

                                                                                         Control-flow Graph
                                                                                         • Graph of the function at 0x468bfc (rendered graph not recoverable as text): basic blocks span 0x468bfc-0x468e30; RegCloseKey is called in block 0x468dee-0x468e04, and the internal helpers 0x42dd4c/0x42dd64 are called once per "Inno Setup: ..." value name listed under Strings below, after the key name is built from "%s\%s_is1".
                                                                                        APIs
                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                        • RegCloseKey.ADVAPI32(?,00468E16,?,?,00000001,00000000,00000000,00468E31,?,00000000,00000000,?), ref: 00468DFF
                                                                                        Strings
                                                                                        • Inno Setup: Icon Group, xrefs: 00468CDA
                                                                                        • Inno Setup: User Info: Serial, xrefs: 00468DE1
                                                                                        • Inno Setup: App Path, xrefs: 00468CBE
                                                                                        • Inno Setup: No Icons, xrefs: 00468CE7
                                                                                        • Inno Setup: User Info: Name, xrefs: 00468DBB
                                                                                        • Inno Setup: Deselected Components, xrefs: 00468D40
                                                                                        • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00468C5B
                                                                                        • %s\%s_is1, xrefs: 00468C79
                                                                                        • Inno Setup: Selected Components, xrefs: 00468D1E
                                                                                        • Inno Setup: Setup Type, xrefs: 00468D0E
                                                                                        • Inno Setup: Deselected Tasks, xrefs: 00468D8D
                                                                                        • Inno Setup: User Info: Organization, xrefs: 00468DCE
                                                                                        • Inno Setup: Selected Tasks, xrefs: 00468D6B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpen
                                                                                        • String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                        • API String ID: 47109696-1093091907
                                                                                        • Opcode ID: 477994bb8960d1965e10b40f61816eaf4c7b707db17a7ca4aa6169c09ca9eb9e
                                                                                        • Instruction ID: 0c37994fccd001a995e494b6850b37eb05b7d5ed784e69181523ebf3a7e49158
                                                                                        • Opcode Fuzzy Hash: 477994bb8960d1965e10b40f61816eaf4c7b707db17a7ca4aa6169c09ca9eb9e
                                                                                        • Instruction Fuzzy Hash: 8D51C570A006049BCB10DB65C941BDEB7F5EF48304F50856EE840AB391EB38AF01CB6D

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 0042D898: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00453DB4,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15), ref: 0042D8AB
                                                                                          • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                          • Part of subcall function 0042D8F0: GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B5A,00000000,00453BFD,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FED,00000000), ref: 0042D90A
                                                                                          • Part of subcall function 0042D8F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D910
                                                                                        • SHGetKnownFolderPath.SHELL32(00499D1C,00008000,00000000,?,00000000,0047C432), ref: 0047C336
                                                                                        • CoTaskMemFree.OLE32(?,0047C37B), ref: 0047C36E
                                                                                          • Part of subcall function 0042D208: GetEnvironmentVariableA.KERNEL32(00000000,00000000,00000000,?,?,00000000,0042DA3E,00000000,0042DAD0,?,?,?,0049B628,00000000,00000000), ref: 0042D233
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Directory$AddressEnvironmentFolderFreeHandleKnownModulePathProcSystemTaskVariableWindows
                                                                                        • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                        • API String ID: 3771764029-544719455
                                                                                        • Opcode ID: 458afd9a1cda60bc5c06d2a3f17cd4b8a975594a1455dcf27ea3d462b6d04529
                                                                                        • Instruction ID: 599f5abe96f02a195e24b8b9203061af68f55c26e596fa95a84979d127ba116b
                                                                                        • Opcode Fuzzy Hash: 458afd9a1cda60bc5c06d2a3f17cd4b8a975594a1455dcf27ea3d462b6d04529
                                                                                        • Instruction Fuzzy Hash: 84619134A00204ABDB10EBA5E8D2A9E7B65EB54308F90C57FE804A7396C73C9E44CF5D

                                                                                         Control-flow Graph
                                                                                         • Graph of the function at 0x423874 (rendered graph not recoverable as text): basic blocks span 0x423874-0x4239ab; calls GetClassInfoA, RegisterClassA, GetSystemMetrics (twice), SetWindowLongA, SendMessageA, GetSystemMenu and DeleteMenu (three times).
                                                                                        APIs
                                                                                          • Part of subcall function 0041F3C4: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDA4,?,0042388F,00423C0C,0041EDA4), ref: 0041F3E2
                                                                                        • GetClassInfoA.USER32(00400000,0042367C), ref: 0042389F
                                                                                        • RegisterClassA.USER32(00499630), ref: 004238B7
                                                                                        • GetSystemMetrics.USER32(00000000), ref: 004238D9
                                                                                        • GetSystemMetrics.USER32(00000001), ref: 004238E8
                                                                                        • SetWindowLongA.USER32(00410460,000000FC,0042368C), ref: 00423944
                                                                                        • SendMessageA.USER32(00410460,00000080,00000001,00000000), ref: 00423965
                                                                                        • GetSystemMenu.USER32(00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C,0041EDA4), ref: 00423970
                                                                                        • DeleteMenu.USER32(00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C,0041EDA4), ref: 0042397F
                                                                                        • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 0042398C
                                                                                        • DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000), ref: 004239A2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
                                                                                        • String ID: |6B
                                                                                        • API String ID: 183575631-3009739247
                                                                                        • Opcode ID: 4cae07da4ecbd82a5ef2c5022e230c145e19d211ee6ce0cd027d67cd6f27acc7
                                                                                        • Instruction ID: 5979ac727d64f3fe5c9a0a43452729076f54e0f9e4c251b9a4c28f9d6bed272f
                                                                                        • Opcode Fuzzy Hash: 4cae07da4ecbd82a5ef2c5022e230c145e19d211ee6ce0cd027d67cd6f27acc7
                                                                                        • Instruction Fuzzy Hash: E63152B17402006AEB10AF69DC82F6A37989B14709F60017BFA44EF2D7C6BDED40876D

                                                                                         Control-flow Graph
                                                                                         • Graph image not recoverable from the page. Basic blocks 0047C968-0047CAA2; internal calls to 0042C3FC, 004035C0, 0047C62C, 004525D8, 00453344, 00403494, 0042E394, 004078F4 and 00403400. GetProcAddress is called in block 0047CA5F-0047CA79, which continues either directly to 0047CA85-0047CAA2 or via the 0047CA7B-0047CA80 call to 00453344.
                                                                                        APIs
                                                                                        • GetProcAddress.KERNEL32(74BB0000,SHGetFolderPathA), ref: 0047CA6A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc
                                                                                        • String ID: Failed to get address of SHGetFolderPath function$Failed to get version numbers of _shfoldr.dll$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$_isetup\_shfoldr.dll$ptI$shell32.dll$shfolder.dll
                                                                                        • API String ID: 190572456-2576699960
                                                                                        • Opcode ID: de0f38486c819f413c08132c2c10785360ce7bb1d082894e1dd7e5610f115569
                                                                                        • Instruction ID: 1b7f257eac351b2865de88edbb479a2ab4f4c09eb1d5ad9e3bfc9d6f8503b50a
                                                                                        • Opcode Fuzzy Hash: de0f38486c819f413c08132c2c10785360ce7bb1d082894e1dd7e5610f115569
                                                                                        • Instruction Fuzzy Hash: 66310E70A001099BCB00EB95D5D2AEEB7B5EB44305F50847BE404F7241D778AE45CBAD

                                                                                         Control-flow Graph
                                                                                         • Graph image not recoverable from the page. Basic blocks 0040631C-00406369: GetModuleHandleA and the first GetProcAddress in 0040631C-00406336, further GetProcAddress calls in 0040633F-0040634C and 00406355-00406362, and SetProcessDEPPolicy in 00406364-00406366, which is one of two successors of the last GetProcAddress block (the other goes straight to the function exit at 00406368).
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,?,00498730), ref: 00406322
                                                                                        • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
                                                                                        • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
                                                                                        • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
                                                                                        • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498730), ref: 00406366
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$HandleModulePolicyProcess
                                                                                        • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                                                        • API String ID: 3256987805-3653653586
                                                                                        • Opcode ID: fb4db72500fb8039bf9e982fa136c472a352d03826636d66c2b82dec8efce00d
                                                                                        • Instruction ID: 935c6a5f7b98c90e27654dc67135d8c1f882d2ad5d8c1b9d0efaf55941893a49
                                                                                        • Opcode Fuzzy Hash: fb4db72500fb8039bf9e982fa136c472a352d03826636d66c2b82dec8efce00d
                                                                                        • Instruction Fuzzy Hash: 97E02D90380702ACEA1032B20D82F3B144C9B54B69B26543B7D56B51C7D9BDDD7059BD
                                                                                        APIs
                                                                                        • SetWindowLongA.USER32(?,000000FC,?), ref: 00413664
                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 0041366F
                                                                                        • GetWindowLongA.USER32(?,000000F4), ref: 00413681
                                                                                        • SetWindowLongA.USER32(?,000000F4,?), ref: 00413694
                                                                                        • SetPropA.USER32(?,00000000,00000000), ref: 004136AB
                                                                                        • SetPropA.USER32(?,00000000,00000000), ref: 004136C2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongWindow$Prop
                                                                                        • String ID: 3A$yA
                                                                                        • API String ID: 3887896539-3278460822
                                                                                        • Opcode ID: d9856cee796f57cc1685d9958f98130356579251106e4d85d69cc018d86e5275
                                                                                        • Instruction ID: bcb4e109f9bb3244d1d15a250a8b19338fc20a7c4ef9bfc7c396c8b3ff51cb63
                                                                                        • Opcode Fuzzy Hash: d9856cee796f57cc1685d9958f98130356579251106e4d85d69cc018d86e5275
                                                                                        • Instruction Fuzzy Hash: 8C22D06508E3C05FE31B9B74896A5D57FA0EE13325B1D45DFC4C28B1A3D21E8A8BC71A

                                                                                         Control-flow Graph
                                                                                         • Graph image not recoverable from the page. Basic blocks 0042F560-0042F66E; internal calls to 00402B30, 00402D30, 0041EEA4, 0042427C, 00403738 and 00403400. GetActiveWindow and GetFocus in 0042F574-0042F5B1, a conditional RegisterClassA in 0042F5B3-0042F5BD, CreateWindowExA in 0042F5D1-0042F602 and again in 0042F604-0042F648, ShowWindow in 0042F64A-0042F64D, and SetFocus in the exit block 0042F652-0042F66E.
                                                                                        APIs
                                                                                        • GetActiveWindow.USER32 ref: 0042F58F
                                                                                        • GetFocus.USER32 ref: 0042F597
                                                                                        • RegisterClassA.USER32(004997AC), ref: 0042F5B8
                                                                                        • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,0042F68C,88000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0042F5F6
                                                                                        • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000), ref: 0042F63C
                                                                                        • ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042F64D
                                                                                        • SetFocus.USER32(00000000,00000000,0042F66F,?,?,?,00000001,00000000,?,004581A2,00000000,0049B628), ref: 0042F654
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$CreateFocus$ActiveClassRegisterShow
                                                                                        • String ID: TWindowDisabler-Window
                                                                                        • API String ID: 3167913817-1824977358
                                                                                        • Opcode ID: af2d58cb1d61aa5294d5b80584b5773ea49d3efeec85bd27a4eae10aec25b275
                                                                                        • Instruction ID: c3989f54cd535b42bfd745bd8d6279a550c1ea008e6f4be51b2d228796931bcd
                                                                                        • Opcode Fuzzy Hash: af2d58cb1d61aa5294d5b80584b5773ea49d3efeec85bd27a4eae10aec25b275
                                                                                        • Instruction Fuzzy Hash: B021A170740710BAE310EF66AD43F1A76B8EB04B44F91853BF604AB2E1D7B86D0586AD

                                                                                         Control-flow Graph
                                                                                         • Graph image not recoverable from the page. Basic blocks 004531F0-00453288: two GetModuleHandleA/GetProcAddress pairs in 004531F0-00453241, a short conditional region 00453243-00453250, and internal calls to 0042E394, 0042E8C8 and 00403400 in 00453252-00453288.
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 00453210
                                                                                        • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 0045322A
                                                                                        • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                        • API String ID: 1646373207-2130885113
                                                                                        • Opcode ID: 460e23cb00cf3424ad6d0c49a1f828097ca48bff1b05d8589e040c86aeca4b16
                                                                                        • Instruction ID: 0cfad7ca53bf4133c716031d63a26ec494c9be7874946ed143d2344feace3e75
                                                                                        • Opcode Fuzzy Hash: 460e23cb00cf3424ad6d0c49a1f828097ca48bff1b05d8589e040c86aeca4b16
                                                                                        • Instruction Fuzzy Hash: 9F01D870240B04BED3016F63AD12F563A58E755B5BF5044BBFC1496582C77C4A088EAD
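The two entries above (the SetProcessDEPPolicy resolver at 0040631C and the Wow64 redirection resolver at 004531F0) both show the same pattern: GetModuleHandleA("kernel32.dll") followed by GetProcAddress for an API the binary does not import statically. The following Python is an added triage example by the editor, not part of the Joe Sandbox report and not code from the sample; it parses API lines in the "• API.MODULE(args), ref: ADDR" layout used in this section and recovers the names resolved at run time. The sample lines are copied from the entries above; the handling of names that spill into the GetModuleHandleA argument list is a heuristic explained in the docstring, and the only external fact assumed is that a SetProcessDEPPolicy argument of 1 is PROCESS_DEP_ENABLE.

```python
import re
from collections import defaultdict

# Constructed sample input: API lines copied from the function entries in this
# section, in the "• API.MODULE(args), ref: ADDR" layout Joe Sandbox uses.
SAMPLE_LINES = """
• GetModuleHandleA.KERNEL32(kernel32.dll,?,00498730), ref: 00406322
• GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
• GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
• GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
• SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498730), ref: 00406366
• GetProcAddress.KERNEL32(74BB0000,SHGetFolderPathA), ref: 0047CA6A
• GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 00453210
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
• GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 0045322A
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
• GetActiveWindow.USER32 ref: 0042F58F
  • Part of subcall function 00466F34: DestroyCursor.USER32(00000000), ref: 00466FE2
"""

# One API line: optional "Part of subcall function XXXXXXXX:" prefix, then
# API.MODULE, an optional parenthesised argument list, and the call-site address.
LINE_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})"
)
HEX_RE = re.compile(r"^[0-9A-F]{8}$")


def parse_api_line(line):
    """Return a dict for one API line, or None if the line is not an API entry."""
    m = LINE_RE.search(line)
    if not m:
        return None
    raw = m.group("args")
    return {
        "api": m.group("api"),
        "module": m.group("mod"),
        "args": [a.strip() for a in raw.split(",")] if raw else [],
        "ref": m.group("ref"),
        "subcall_of": m.group("sub"),
    }


def resolved_imports(calls):
    """Map each API name resolved at run time to the call sites that mention it.

    Heuristic: Joe Sandbox prints stack slots beyond an API's real argument
    count, so a name pushed for a later GetProcAddress can show up inside the
    preceding GetModuleHandleA's argument list (the Wow64 lines above show
    GetProcAddress itself with "kernel32.dll" as its second argument). Scanning
    both calls and keeping every token that is neither a hex value, "?" nor a
    DLL name recovers the names; treat the result as best-effort, not exact.
    """
    names = defaultdict(set)
    for c in calls:
        if c["api"] not in ("GetProcAddress", "GetModuleHandleA"):
            continue
        for tok in c["args"]:
            if tok == "?" or HEX_RE.match(tok) or tok.lower().endswith(".dll"):
                continue
            names[tok].add(c["ref"])
    return names


def dep_policy_value(calls):
    """First argument of SetProcessDEPPolicy as an int; 1 is PROCESS_DEP_ENABLE."""
    for c in calls:
        if c["api"] == "SetProcessDEPPolicy" and c["args"]:
            return int(c["args"][0], 16)
    return None


def analyse(text=SAMPLE_LINES):
    """Parse every API line in text; return (calls, resolved-name map)."""
    calls = [c for c in (parse_api_line(line) for line in text.splitlines()) if c]
    return calls, resolved_imports(calls)


if __name__ == "__main__":
    calls, names = analyse()
    for name, refs in sorted(names.items()):
        print(f"{name:34s} resolved at {', '.join(sorted(refs))}")
    print("SetProcessDEPPolicy flags:", dep_policy_value(calls))
```

Run against the lines above it lists SetDllDirectoryW, SetSearchPathMode, SetProcessDEPPolicy, SHGetFolderPathA, Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection, and reports a DEP flag of 1, i.e. the process enables DEP for itself rather than weakening it. When reading such output, weigh the Wow64 pair (a 32-bit process reaching the unredirected System32) higher than the DEP and DLL-search-path calls, which are hardening rather than evasion; in the editor's reading, the strings in the SHGetFolderPathA entry ("_isetup\_shfoldr.dll", "Failed to get version numbers of _shfoldr.dll") and the TWindowDisabler-Window class name match those of the open-source Inno Setup installer stub, so these resolver functions are more likely installer boilerplate than the Socks5Systemz payload logic that the report's signatures describe.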
                                                                                        APIs
                                                                                        • SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467097
                                                                                        • ExtractIconA.SHELL32(00400000,00000000,?), ref: 004670BD
                                                                                          • Part of subcall function 00466F34: DrawIconEx.USER32(00000000,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000003), ref: 00466FCC
                                                                                          • Part of subcall function 00466F34: DestroyCursor.USER32(00000000), ref: 00466FE2
                                                                                        • ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 00467114
                                                                                        • SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 00467175
                                                                                        • ExtractIconA.SHELL32(00400000,00000000,?), ref: 0046719B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Icon$Extract$FileInfo$CursorDestroyDraw
                                                                                        • String ID: c:\directory$shell32.dll
                                                                                        • API String ID: 3376378930-1375355148
                                                                                        • Opcode ID: 6d041171d1007e38f1423e999fca6c8345fae3a72a3914b9ee39d1bb44a6fd6f
                                                                                        • Instruction ID: 28e44f0b0ade20fd2fa41990bb26b25d2b6273e6e4b8387af8825f96a0abaac4
                                                                                        • Opcode Fuzzy Hash: 6d041171d1007e38f1423e999fca6c8345fae3a72a3914b9ee39d1bb44a6fd6f
                                                                                        • Instruction Fuzzy Hash: 65517E70604204AFD710DF65CD89FDFB7E8EB49308F1081A7F8089B351D6389E81CA69
                                                                                        APIs
                                                                                        • RegisterClipboardFormatA.USER32(commdlg_help), ref: 00430948
                                                                                        • RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 00430957
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00430971
                                                                                        • GlobalAddAtomA.KERNEL32(00000000), ref: 00430992
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
                                                                                        • String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
                                                                                        • API String ID: 4130936913-2943970505
                                                                                        • Opcode ID: 8a088dfdc0b2c62b7d21c5c596ec815df7ae76573c78c741c8a86d6eee6cb681
                                                                                        • Instruction ID: 0bd92e6c8c1c5a5b8444157758b44b4e11dae02c37acc47d2edddbd1fb793b69
                                                                                        • Opcode Fuzzy Hash: 8a088dfdc0b2c62b7d21c5c596ec815df7ae76573c78c741c8a86d6eee6cb681
                                                                                        • Instruction Fuzzy Hash: 22F012B0458340DEE300EB65994271E7BD0EF58718F50467FF498A6392D7795904CB5F

APIs
• FindNextFileA.KERNEL32(000000FF,?,00000000,00472199,?,00000000,?,0049C1DC,00000000,00472389,?,00000000,?,00000000,?,00472555), ref: 00472175
• FindClose.KERNEL32(000000FF,004721A0,00472199,?,00000000,?,0049C1DC,00000000,00472389,?,00000000,?,00000000,?,00472555,?), ref: 00472193
• FindNextFileA.KERNEL32(000000FF,?,00000000,004722BB,?,00000000,?,0049C1DC,00000000,00472389,?,00000000,?,00000000,?,00472555), ref: 00472297
• FindClose.KERNEL32(000000FF,004722C2,004722BB,?,00000000,?,0049C1DC,00000000,00472389,?,00000000,?,00000000,?,00472555,?), ref: 004722B5
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: Find$CloseFileNext
• String ID: &&G$&&G
• API String ID: 2066263336-852616326
• Opcode ID: 53d573c3283eea8276722ae00e783839c534cad26cf1d76589be1e10efaeed4f
• Instruction ID: 5d8f9e8498e1fb85c1a49ff99105bc28d4ff0fd985b73b461b66a4ef7da0b053
• Opcode Fuzzy Hash: 53d573c3283eea8276722ae00e783839c534cad26cf1d76589be1e10efaeed4f
• Instruction Fuzzy Hash: F0C14C3490424D9FCF11DFA5C981BDEBBB9FF09304F5085AAE908A3291D7789A45CF64

APIs
• GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0045522C,0045522C,?,0045522C,00000000), ref: 004551BA
• CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0045522C,0045522C,?,0045522C), ref: 004551C7
  • Part of subcall function 00454F7C: WaitForInputIdle.USER32(?,00000032), ref: 00454FA8
  • Part of subcall function 00454F7C: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00454FCA
  • Part of subcall function 00454F7C: GetExitCodeProcess.KERNEL32(?,?), ref: 00454FD9
  • Part of subcall function 00454F7C: CloseHandle.KERNEL32(?,00455006,00454FFF,?,?,?,00000000,?,?,004551DB,?,?,?,00000044,00000000,00000000), ref: 00454FF9
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
• String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
• API String ID: 854858120-615399546
• Opcode ID: d48cb867d8132222f58630969ce6cc8153310e3eaa120555069058459d823a95
• Instruction ID: 058baa7e90e176347c833b132b7c272bf8058e823d6e061bdbf2f6311869cd9e
• Opcode Fuzzy Hash: d48cb867d8132222f58630969ce6cc8153310e3eaa120555069058459d823a95
• Instruction Fuzzy Hash: 41516D34B0074DABCF10EFA5D852BDEBBB9AF44305F50447BB804B7292D7789A098B59

APIs
• LoadIconA.USER32(00400000,MAINICON), ref: 0042371C
• GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 00423749
• OemToCharA.USER32(?,?), ref: 0042375C
• CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 0042379C
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: Char$FileIconLoadLowerModuleName
• String ID: 2$MAINICON
• API String ID: 3935243913-3181700818
• Opcode ID: a0d1a492a3e1df344d79b5ede7937f80cf878dadafa44837ceada302c6d607ca
• Instruction ID: 339a64ebbf2375270c19ef2cfa2d714624ee8dcb7e06b01b5ae6522dc3b50067
• Opcode Fuzzy Hash: a0d1a492a3e1df344d79b5ede7937f80cf878dadafa44837ceada302c6d607ca
• Instruction Fuzzy Hash: 243181B0A042549ADF10EF29D8C57C67BA8AF14308F4441BAE844DB393D7BED988CB59

APIs
• GetCurrentProcessId.KERNEL32(00000000), ref: 00418F3D
• GlobalAddAtomA.KERNEL32(00000000), ref: 00418F5E
• GetCurrentThreadId.KERNEL32 ref: 00418F79
• GlobalAddAtomA.KERNEL32(00000000), ref: 00418F9A
  • Part of subcall function 004230C8: GetDC.USER32(00000000), ref: 0042311E
  • Part of subcall function 004230C8: EnumFontsA.GDI32(00000000,00000000,00423068,00410460,00000000,?,?,00000000,?,00418FD3,00000000,?,?,?,00000001), ref: 00423131
  • Part of subcall function 004230C8: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423139
  • Part of subcall function 004230C8: ReleaseDC.USER32(00000000,00000000), ref: 00423144
  • Part of subcall function 0042368C: LoadIconA.USER32(00400000,MAINICON), ref: 0042371C
  • Part of subcall function 0042368C: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 00423749
  • Part of subcall function 0042368C: OemToCharA.USER32(?,?), ref: 0042375C
  • Part of subcall function 0042368C: CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 0042379C
  • Part of subcall function 0041F118: GetVersion.KERNEL32(?,00418FF0,00000000,?,?,?,00000001), ref: 0041F126
  • Part of subcall function 0041F118: SetErrorMode.KERNEL32(00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F142
  • Part of subcall function 0041F118: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F14E
  • Part of subcall function 0041F118: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F15C
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F18C
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1B5
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1CA
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1DF
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1F4
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F209
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F21E
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F233
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F248
  • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F25D
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$CapsDeviceEnumFileFontsIconLibraryLowerModuleNameProcessReleaseThreadVersion
• String ID: ControlOfs%.8X%.8X$Delphi%.8X
• API String ID: 316262546-2767913252
• Opcode ID: b417f06b73a7dba032b12b865c8ed9bc6bb92a8bfb887f153b822e9fb73695be
• Instruction ID: d883a59e21ed3b4d0722d018b4a025de81f9e45e1fd093e44b5ebaba0e30331f
• Opcode Fuzzy Hash: b417f06b73a7dba032b12b865c8ed9bc6bb92a8bfb887f153b822e9fb73695be
• Instruction Fuzzy Hash: AC115E706142419AD740FF76A94235A7BE1DF64308F40943FF448A7391DB3DA9448B5F

APIs
• SetWindowLongA.USER32(?,000000FC,?), ref: 00413664
• GetWindowLongA.USER32(?,000000F0), ref: 0041366F
• GetWindowLongA.USER32(?,000000F4), ref: 00413681
• SetWindowLongA.USER32(?,000000F4,?), ref: 00413694
• SetPropA.USER32(?,00000000,00000000), ref: 004136AB
• SetPropA.USER32(?,00000000,00000000), ref: 004136C2
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: LongWindow$Prop
• String ID:
• API String ID: 3887896539-0
• Opcode ID: 7846fecbe383e6d7fdaea4169180c186d89bab15e88d328ea810806c298c4441
• Instruction ID: 06abc153636d574f2b9d5b42ed2ef1d3d1989bf2b09c04f5b7aa0ee96fd2bcf7
• Opcode Fuzzy Hash: 7846fecbe383e6d7fdaea4169180c186d89bab15e88d328ea810806c298c4441
• Instruction Fuzzy Hash: 1011C975100244BFEF00DF9DDC84EDA37E8EB19364F144666B958DB2A2D738DD908B68

APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0045586F,?,00000000,004558AF), ref: 004557B5
Strings
• PendingFileRenameOperations, xrefs: 00455754
• SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455738
• WININIT.INI, xrefs: 004557E4
• PendingFileRenameOperations2, xrefs: 00455784
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: CloseOpen
• String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
• API String ID: 47109696-2199428270
• Opcode ID: ff5e046778063e7c615d5c8ac9a6b1d801ca0d933ef60992733312df31d3558f
• Instruction ID: 0fa1da25f67206326559771d92c7e47b52ca8d856d575cc5f046ac455f5bab2a
• Opcode Fuzzy Hash: ff5e046778063e7c615d5c8ac9a6b1d801ca0d933ef60992733312df31d3558f
• Instruction Fuzzy Hash: FF51A974E006089FDB10EF61DC51AEEB7B9EF44305F50857BEC04A7292DB78AE49CA58

APIs
• CreateDirectoryA.KERNEL32(00000000,00000000,00000000,0047C7DA,?,?,00000000,0049B628,00000000,00000000,?,004980A9,00000000,00498252,?,00000000), ref: 0047C717
• GetLastError.KERNEL32(00000000,00000000,00000000,0047C7DA,?,?,00000000,0049B628,00000000,00000000,?,004980A9,00000000,00498252,?,00000000), ref: 0047C720
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: CreateDirectoryErrorLast
• String ID: Created temporary directory: $\_setup64.tmp$_isetup
• API String ID: 1375471231-2952887711
• Opcode ID: 3f7519f2dbd75ec89759c5e36ccc4ab0adc05f47ddd4608262a1c5d06c660367
• Instruction ID: edb20439a36284776f78bdf2a161e381ec1662189dfb35441dcb715623f8c11f
• Opcode Fuzzy Hash: 3f7519f2dbd75ec89759c5e36ccc4ab0adc05f47ddd4608262a1c5d06c660367
• Instruction Fuzzy Hash: 6F410574A001099BDB01EBA5D8C2ADEB7B5EF44309F50547BE411B7392DB389E058F69
                                                                                        APIs
                                                                                        • 74D31520.VERSION(00000000,?,?,?,ptI), ref: 00452530
                                                                                        • 74D31500.VERSION(00000000,?,00000000,?,00000000,004525AB,?,00000000,?,?,?,ptI), ref: 0045255D
                                                                                        • 74D31540.VERSION(?,004525D4,?,?,00000000,?,00000000,?,00000000,004525AB,?,00000000,?,?,?,ptI), ref: 00452577
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: D31500D31520D31540
                                                                                        • String ID: ptI$%E
                                                                                        • API String ID: 1003763464-3209181666
                                                                                        • Opcode ID: f18440ec30d6a8502c14f0dca7f1c7caee1af709ad5b943411f89d38bbe9f821
                                                                                        • Instruction ID: f5dca5bfdad9659449235e2d7a4f424f1fde127461be4d93bb02e754cc996b3f
                                                                                        • Opcode Fuzzy Hash: f18440ec30d6a8502c14f0dca7f1c7caee1af709ad5b943411f89d38bbe9f821
                                                                                        • Instruction Fuzzy Hash: D2218331A00608BFDB01DAA989519AFB7FCEB4A300F554477F800E7242E6B9AE04C765
                                                                                        APIs
                                                                                        • EnumWindows.USER32(00423A1C), ref: 00423AA8
                                                                                        • GetWindow.USER32(?,00000003), ref: 00423ABD
                                                                                        • GetWindowLongA.USER32(?,000000EC), ref: 00423ACC
                                                                                        • SetWindowPos.USER32(00000000,\AB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241AB,?,?,00423D73), ref: 00423B02
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$EnumLongWindows
                                                                                        • String ID: \AB
                                                                                        • API String ID: 4191631535-3948367934
                                                                                        • Opcode ID: bca5fbb655e429c390612aedafb62b4dde642c29ff44978b36ddb9eb5ee27a78
                                                                                        • Instruction ID: 3ad81c14f5822e14e615a382c86082b2427cd388a5bf15486a3129e996868218
                                                                                        • Opcode Fuzzy Hash: bca5fbb655e429c390612aedafb62b4dde642c29ff44978b36ddb9eb5ee27a78
                                                                                        • Instruction Fuzzy Hash: D6115E70700610ABDB109F28E885F5677E8EB08715F10026AF994AB2E3C378ED41CB59
                                                                                        APIs
                                                                                        • RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                        • RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                        • LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                        • RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                        • String ID: f
                                                                                        • API String ID: 730355536-3739981918
                                                                                        • Opcode ID: 46a689739c098c0829933ff4921327776432a14e69d4c62b65241a59cfc7f4a2
                                                                                        • Instruction ID: 91310e2de28581c92a9b529d79901d52005bdf0b1253609ef7109df0d78d257f
                                                                                        • Opcode Fuzzy Hash: 46a689739c098c0829933ff4921327776432a14e69d4c62b65241a59cfc7f4a2
                                                                                        • Instruction Fuzzy Hash: D001A1706482409EE719AB69BA467253FD4D795B48F11803BF840A6BF3C77C4440EBAD
                                                                                        APIs
                                                                                        • RegDeleteKeyA.ADVAPI32(00000000,00000000), ref: 0042DE50
                                                                                        • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042DFEB,00000000,0042E003,?,?,?,?,00000006,?,00000000,004973CD), ref: 0042DE6B
                                                                                        • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DE71
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressDeleteHandleModuleProc
                                                                                        • String ID: RegDeleteKeyExA$advapi32.dll
                                                                                        • API String ID: 588496660-1846899949
                                                                                        • Opcode ID: ed1542cdc99e60fdc1e6205037aed1b156b4601bf62b1d4fa5b097ff81e7402e
                                                                                        • Instruction ID: e7246de0df94fba710dd2820c0ca51643d5dd29c3ac0bea476bad59fd0e01b91
                                                                                        • Opcode Fuzzy Hash: ed1542cdc99e60fdc1e6205037aed1b156b4601bf62b1d4fa5b097ff81e7402e
                                                                                        • Instruction Fuzzy Hash: 73E06DF1B41B30AAD72022657C8ABA33729DB75365F658437F105AD19183FC2C50CE9D
                                                                                        Strings
                                                                                        • NextButtonClick, xrefs: 0046BAC0
                                                                                        • Need to restart Windows? %s, xrefs: 0046BD09
                                                                                        • PrepareToInstall failed: %s, xrefs: 0046BCE2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Need to restart Windows? %s$NextButtonClick$PrepareToInstall failed: %s
                                                                                        • API String ID: 0-2329492092
                                                                                        • Opcode ID: 37ba51fdfbf3f4723fb08e99647d0fd9c61c097c060f23ffe4e001e6baa90b0a
                                                                                        • Instruction ID: b95f389d09e957f91eb9f42d110418d47b08b3dab155efeebd7a2a0376f7d9ee
                                                                                        • Opcode Fuzzy Hash: 37ba51fdfbf3f4723fb08e99647d0fd9c61c097c060f23ffe4e001e6baa90b0a
                                                                                        • Instruction Fuzzy Hash: F2D12F34A04208DFCB10EBA9D585AED77F5EF09304F5440BAE404EB352D779AE81DB9A
                                                                                        APIs
                                                                                        • SetActiveWindow.USER32(?,?,00000000,00482EB9), ref: 00482C8C
                                                                                        • SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 00482D2A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ActiveChangeNotifyWindow
                                                                                        • String ID: $Need to restart Windows? %s
                                                                                        • API String ID: 1160245247-4200181552
                                                                                        • Opcode ID: 81628947227ec58f55b2c351f2131b28aedfbb6b6148b8ba4744526014514c8c
                                                                                        • Instruction ID: 086790f0fc0b942e3ee9f07944933bacbb32a26cbddea002bc31c7aef2919c1b
                                                                                        • Opcode Fuzzy Hash: 81628947227ec58f55b2c351f2131b28aedfbb6b6148b8ba4744526014514c8c
                                                                                        • Instruction Fuzzy Hash: 60919F746002449FDB10FB69D9C5BAE7BE5AF59304F4484BBE8009B3A2C7B8AD05CB5D
                                                                                        APIs
                                                                                          • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
                                                                                        • GetLastError.KERNEL32(00000000,0046FB4D,?,?,0049C1DC,00000000), ref: 0046FA2A
                                                                                        • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046FAA4
                                                                                        • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046FAC9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ChangeNotify$ErrorFullLastNamePath
                                                                                        • String ID: Creating directory: %s
                                                                                        • API String ID: 2451617938-483064649
                                                                                        • Opcode ID: d5447365283b068e30203d66d8a9de4eaa18c1a3b89182fdc70a83f7754103f0
                                                                                        • Instruction ID: 553d0e02451aea180b77d3c3bea8b04784d1aec5cd58197de2500155b30451aa
                                                                                        • Opcode Fuzzy Hash: d5447365283b068e30203d66d8a9de4eaa18c1a3b89182fdc70a83f7754103f0
                                                                                        • Instruction Fuzzy Hash: E5516474E00248ABDB00DFA5D992BDEB7F5AF49304F50847AE850B7386D7786E08CB59
                                                                                        APIs
                                                                                        • GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 00454E82
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,00454F48), ref: 00454EEC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressByteCharMultiProcWide
                                                                                        • String ID: SfcIsFileProtected$sfc.dll
                                                                                        • API String ID: 2508298434-591603554
                                                                                        • Opcode ID: b2872c537cb6cd03ad7726ff2c2bd0a0e2fc6763cd0da9df413ff005d177c2bc
                                                                                        • Instruction ID: 0183ab2a96bad10459dc7acb776d15a29b7b4c70eaa7773bbc3cb8db3249cf06
                                                                                        • Opcode Fuzzy Hash: b2872c537cb6cd03ad7726ff2c2bd0a0e2fc6763cd0da9df413ff005d177c2bc
                                                                                        • Instruction Fuzzy Hash: 1A419771A042189BEB20DB59DC85B9DB7B8EB4430DF5041B7E908A7293D7785F88CE1C
                                                                                        APIs
                                                                                        • SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDC5
                                                                                          • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                          • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                          • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                        • GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressAutoCompleteDirectoryErrorLibraryLoadModeProcSystem
                                                                                        • String ID: SHAutoComplete$shlwapi.dll
                                                                                        • API String ID: 395431579-1506664499
                                                                                        • Opcode ID: 9bc7ff361d258be52dd27e2f74bcf33eed5b2b299b3a40fb55461f8ad11e2a91
                                                                                        • Instruction ID: e807f919b0f5f47641bb36d66eaae5ab4e0d2818c3cb02d7dc2bc8906116ae4e
                                                                                        • Opcode Fuzzy Hash: 9bc7ff361d258be52dd27e2f74bcf33eed5b2b299b3a40fb55461f8ad11e2a91
                                                                                        • Instruction Fuzzy Hash: 3311A330B00319BBD711EB62FD85B8E7BA8DB55704F90447BF40066291DBB8AE05C65D
                                                                                        APIs
                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                        • RegCloseKey.ADVAPI32(?,00455A7B,?,00000001,00000000), ref: 00455A6E
                                                                                        Strings
                                                                                        • PendingFileRenameOperations2, xrefs: 00455A4F
                                                                                        • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455A1C
                                                                                        • PendingFileRenameOperations, xrefs: 00455A40
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpen
                                                                                        • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                                        • API String ID: 47109696-2115312317
                                                                                        APIs
                                                                                        • FindNextFileA.KERNEL32(000000FF,?,?,?,?,00000000,0047F9D5,?,00000000,00000000,?,?,00480C2B,?,?,00000000), ref: 0047F882
                                                                                        • FindClose.KERNEL32(000000FF,000000FF,?,?,?,?,00000000,0047F9D5,?,00000000,00000000,?,?,00480C2B,?,?), ref: 0047F88F
                                                                                        • FindNextFileA.KERNEL32(000000FF,?,00000000,0047F9A8,?,?,?,?,00000000,0047F9D5,?,00000000,00000000,?,?,00480C2B), ref: 0047F984
                                                                                        • FindClose.KERNEL32(000000FF,0047F9AF,0047F9A8,?,?,?,?,00000000,0047F9D5,?,00000000,00000000,?,?,00480C2B,?), ref: 0047F9A2
                                                                                        Similarity
                                                                                        • API ID: Find$CloseFileNext
                                                                                        • String ID:
                                                                                        • API String ID: 2066263336-0
                                                                                        APIs
                                                                                        • GetMenu.USER32(00000000), ref: 00421361
                                                                                        • SetMenu.USER32(00000000,00000000), ref: 0042137E
                                                                                        • SetMenu.USER32(00000000,00000000), ref: 004213B3
                                                                                        • SetMenu.USER32(00000000,00000000), ref: 004213CF
                                                                                        Similarity
                                                                                        • API ID: Menu
                                                                                        • String ID:
                                                                                        • API String ID: 3711407533-0
                                                                                        APIs
                                                                                        • SendMessageA.USER32(?,?,?,?), ref: 00416B84
                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00416B9E
                                                                                        • SetBkColor.GDI32(?,00000000), ref: 00416BB8
                                                                                        • CallWindowProcA.USER32(?,?,?,?,?), ref: 00416BE0
                                                                                        Similarity
                                                                                        • API ID: Color$CallMessageProcSendTextWindow
                                                                                        • String ID:
                                                                                        • API String ID: 601730667-0
                                                                                        APIs
                                                                                        • WaitForInputIdle.USER32(?,00000032), ref: 00454FA8
                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00454FCA
                                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 00454FD9
                                                                                        • CloseHandle.KERNEL32(?,00455006,00454FFF,?,?,?,00000000,?,?,004551DB,?,?,?,00000044,00000000,00000000), ref: 00454FF9
                                                                                        Similarity
                                                                                        • API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
                                                                                        • String ID:
                                                                                        • API String ID: 4071923889-0
                                                                                        APIs
                                                                                        • GetDC.USER32(00000000), ref: 0042311E
                                                                                        • EnumFontsA.GDI32(00000000,00000000,00423068,00410460,00000000,?,?,00000000,?,00418FD3,00000000,?,?,?,00000001), ref: 00423131
                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423139
                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00423144
                                                                                        Similarity
                                                                                        • API ID: CapsDeviceEnumFontsRelease
                                                                                        • String ID:
                                                                                        • API String ID: 2698912916-0
                                                                                        APIs
                                                                                          • Part of subcall function 0045092C: SetEndOfFile.KERNEL32(?,?,0045C192,00000000,0045C31D,?,00000000,00000002,00000002), ref: 00450933
                                                                                        • FlushFileBuffers.KERNEL32(?), ref: 0045C2E9
                                                                                        Strings
                                                                                        • EndOffset range exceeded, xrefs: 0045C21D
                                                                                        • NumRecs range exceeded, xrefs: 0045C1E6
                                                                                        Similarity
                                                                                        • API ID: File$BuffersFlush
                                                                                        • String ID: EndOffset range exceeded$NumRecs range exceeded
                                                                                        • API String ID: 3593489403-659731555
                                                                                        APIs
                                                                                        • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,004021FC), ref: 004020CB
                                                                                          • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                          • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                          • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                          • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
                                                                                        • String ID: f
                                                                                        • API String ID: 296031713-3739981918
                                                                                        APIs
                                                                                          • Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,00498726), ref: 0040334B
                                                                                          • Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,00498726), ref: 00403356
                                                                                          • Part of subcall function 0040631C: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498730), ref: 00406322
                                                                                          • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
                                                                                          • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
                                                                                          • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
                                                                                          • Part of subcall function 0040631C: SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498730), ref: 00406366
                                                                                          • Part of subcall function 004063C4: 6F551CD0.COMCTL32(00498735), ref: 004063C4
                                                                                          • Part of subcall function 00410764: GetCurrentThreadId.KERNEL32 ref: 004107B2
                                                                                          • Part of subcall function 00419040: GetVersion.KERNEL32(0049874E), ref: 00419040
                                                                                          • Part of subcall function 0044F744: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00498762), ref: 0044F77F
                                                                                          • Part of subcall function 0044F744: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
                                                                                          • Part of subcall function 0044FC10: GetVersionExA.KERNEL32(0049B790,00498767), ref: 0044FC1F
                                                                                          • Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 00453210
                                                                                          • Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
                                                                                          • Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 0045322A
                                                                                          • Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
                                                                                          • Part of subcall function 00456F00: GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 00456F24
                                                                                          • Part of subcall function 00464468: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,0049878A), ref: 00464477
                                                                                          • Part of subcall function 00464468: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 0046447D
                                                                                          • Part of subcall function 0046CC64: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CC79
                                                                                          • Part of subcall function 00478740: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498794), ref: 00478746
                                                                                          • Part of subcall function 00478740: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478753
                                                                                          • Part of subcall function 00478740: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478763
                                                                                          • Part of subcall function 00483A6C: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00483B5B
                                                                                          • Part of subcall function 00495724: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 0049573D
                                                                                        • SetErrorMode.KERNEL32(00000001,00000000,004987DC), ref: 004987AE
                                                                                          • Part of subcall function 004984D8: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,004987B8,00000001,00000000,004987DC), ref: 004984E2
                                                                                          • Part of subcall function 004984D8: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004984E8
                                                                                          • Part of subcall function 004244D4: SendMessageA.USER32(?,0000B020,00000000,?), ref: 004244F3
                                                                                          • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                        • ShowWindow.USER32(?,00000005,00000000,004987DC), ref: 0049880F
                                                                                          • Part of subcall function 004820AC: SetActiveWindow.USER32(?), ref: 0048215A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$HandleModule$Window$Version$ActiveClipboardCommandCurrentErrorF551FormatLibraryLineLoadMessageModePolicyProcessRegisterSendShowTextThread
                                                                                        • String ID: Setup
                                                                                        • API String ID: 3870281231-3839654196
                                                                                        • Opcode ID: 4026870168645be20c4e504289bca16f7fc9894158eff1610b8fe089479f565d
                                                                                        • Instruction ID: 72ad643eee306aeb53380572695708c68149a0501138caf3355f256a6ce1e3ac
                                                                                        • Opcode Fuzzy Hash: 4026870168645be20c4e504289bca16f7fc9894158eff1610b8fe089479f565d
                                                                                        • Instruction Fuzzy Hash: 7931C5712046409ED705BBBBAC5392D3B94EF8A728BA2447FF80486593DE3C58508A7F
                                                                                        APIs
                                                                                        • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00453B13,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A6A
                                                                                        • GetLastError.KERNEL32(00000000,00000000,?,00000000,00453B13,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A73
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                        • String ID: .tmp
                                                                                        • API String ID: 1375471231-2986845003
                                                                                        • Opcode ID: 7172d9ffade96b62561a832a68f8cbe161be4b5cae50dfb87ffdb02f7c338e4f
                                                                                        • Instruction ID: ea6adcadec8e2c01cafa1ba510acc1338588d6ec7b4e1cf88163bb5bfef62d35
                                                                                        • Opcode Fuzzy Hash: 7172d9ffade96b62561a832a68f8cbe161be4b5cae50dfb87ffdb02f7c338e4f
                                                                                        • Instruction Fuzzy Hash: A9213575A002089BDB01EFA1C8429DEB7B8EF49305F50457BE801B7343DA3CAF058B69
                                                                                        APIs
                                                                                          • Part of subcall function 00483560: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00483571
                                                                                          • Part of subcall function 00483560: GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0048357E
                                                                                          • Part of subcall function 00483560: GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 0048358C
                                                                                          • Part of subcall function 00483560: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483594
                                                                                          • Part of subcall function 00483560: GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 004835A0
                                                                                          • Part of subcall function 00483560: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 004835C1
                                                                                          • Part of subcall function 00483560: GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 004835D4
                                                                                          • Part of subcall function 00483560: GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 004835DA
                                                                                          • Part of subcall function 0048388C: GetVersionExA.KERNEL32(?,00483A9E,00000000,00483B73,?,?,?,?,?,00498799), ref: 0048389A
                                                                                          • Part of subcall function 0048388C: GetVersionExA.KERNEL32(0000009C,?,00483A9E,00000000,00483B73,?,?,?,?,?,00498799), ref: 004838EC
                                                                                          • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                          • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00483B5B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$HandleModuleVersion$CurrentErrorInfoLibraryLoadModeNativeProcessSystem
                                                                                        • String ID: SHGetKnownFolderPath$shell32.dll
                                                                                        • API String ID: 3869789854-2936008475
                                                                                        • Opcode ID: 36bbd7205677a14235ded179242f98fe4396733ea939f399f849956901c26b03
                                                                                        • Instruction ID: 33d3db6593e9873a674f830e342c1c65c6cab746408e9d399a43700aa418428b
                                                                                        • Opcode Fuzzy Hash: 36bbd7205677a14235ded179242f98fe4396733ea939f399f849956901c26b03
                                                                                        • Instruction Fuzzy Hash: 672100B06503516EC300BF7E59A661A3BA5EB5474C380893FF804EB3D2D77E68145BAE
                                                                                        APIs
                                                                                        • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,0047C41C,00000000,0047C432), ref: 0047C12A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID: RegisteredOrganization$RegisteredOwner
                                                                                        • API String ID: 3535843008-1113070880
                                                                                        • Opcode ID: 0e90ec8331aa68b80fdbd6afaabfad8867ded4c3b6cad332e65b349247218e2d
                                                                                        • Instruction ID: 6af266579ce0f4cae339b7a6725c06c490679c1ac7d4d5cc7f46b4f942b6f465
                                                                                        • Opcode Fuzzy Hash: 0e90ec8331aa68b80fdbd6afaabfad8867ded4c3b6cad332e65b349247218e2d
                                                                                        • Instruction Fuzzy Hash: 32F0B430704244AFDB04DAA8EDD2BAA776AD741304FA4803FE1048F382D679DE019BAC
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,004752F7), ref: 004750E5
                                                                                        • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,004752F7), ref: 004750FC
                                                                                          • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15,00000000), ref: 0045349F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateErrorFileHandleLast
                                                                                        • String ID: CreateFile
                                                                                        • API String ID: 2528220319-823142352
                                                                                        • Opcode ID: bbf61bf67fe349c097a8a02b07410db95704594b340b54041ead5b805cfa0960
                                                                                        • Instruction ID: 6399d4087dc53d24fa9d3bc8bb06fd86b45c214eecae9240140a798b65cacfb0
                                                                                        • Opcode Fuzzy Hash: bbf61bf67fe349c097a8a02b07410db95704594b340b54041ead5b805cfa0960
                                                                                        • Instruction Fuzzy Hash: 18E06D302407447BEA10FA69CCC6F4A77989B04768F10C162FA48AF3E2C5B9EC408658
                                                                                        APIs
                                                                                          • Part of subcall function 00456E90: CoInitialize.OLE32(00000000), ref: 00456E96
                                                                                          • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                          • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                        • GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 00456F24
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressErrorInitializeLibraryLoadModeProc
                                                                                        • String ID: SHCreateItemFromParsingName$shell32.dll
                                                                                        • API String ID: 2906209438-2320870614
                                                                                        • Opcode ID: 3ee7a517847f468c0619dab237ccb69dbf9a8b231eaadc82d937c3bc473404de
                                                                                        • Instruction ID: 06a1b1eafb8ede6a4ef061af05be88198505768e1dcfa776260a5a664dfb1d55
                                                                                        • Opcode Fuzzy Hash: 3ee7a517847f468c0619dab237ccb69dbf9a8b231eaadc82d937c3bc473404de
                                                                                        • Instruction Fuzzy Hash: BBC04CA1F5271156CA00BBFA655361F2805DB5031FBD2803FB948A7587CE7C9C095B6E
                                                                                        APIs
                                                                                          • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                          • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                        • GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CC79
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressErrorLibraryLoadModeProc
                                                                                        • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                                        • API String ID: 2492108670-2683653824
                                                                                        • Opcode ID: 86cf81fee744bb21f40f36152ca0a59654e50c5ee39d1ae44c17eff86845b0ac
                                                                                        • Instruction ID: d379c4162c5a45317e257a8b9368072ef34678a45322f04a033aff34d3fd6743
                                                                                        • Opcode Fuzzy Hash: 86cf81fee744bb21f40f36152ca0a59654e50c5ee39d1ae44c17eff86845b0ac
                                                                                        • Instruction Fuzzy Hash: 4BB092A06027018ADB00F7F258A662B28099B40319B20803B71889B685EE3C88004BAF
                                                                                        APIs
                                                                                        • LoadLibraryExA.KERNEL32(00000000,00000000,00000008,?,?,00000000,00448709), ref: 0044864C
                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 004486CD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID:
                                                                                        • API String ID: 2574300362-0
                                                                                        • Opcode ID: c059e024c9e6eb8416f72924d9350c7e8f021855cc9b01300ad62ba4517ae118
                                                                                        • Instruction ID: 2eaa58f6359003fef9dee836e3db1fa56ae38c906bc4f4c4d93ca6671f7cd4fb
                                                                                        • Opcode Fuzzy Hash: c059e024c9e6eb8416f72924d9350c7e8f021855cc9b01300ad62ba4517ae118
                                                                                        • Instruction Fuzzy Hash: 14515470E00105AFDB40EF95C491AAEBBF9EB45319F11817FE414BB391DA389E05CB99
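The records above follow one fixed line shape (`Api.MODULE(arg,arg,...), ref: ADDR`, optionally prefixed with `Part of subcall function ADDR:`), and the useful signal in them is the set of exports the sample resolves by name through GetModuleHandleA/LoadLibraryA/GetProcAddress, since those never appear in the PE import table. As an added example that is not part of the Joe Sandbox report, the Python below parses that format and extracts that set. The sample input is copied from the records above; the list of resolver APIs and the handling of one sandbox quirk are my own reading of the format: the argument columns are raw stack slots, so an export name can be printed on the GetModuleHandleA line while the GetProcAddress line that follows shows the module name (compare the `Wow64DisableWow64FsRedirection` record), which is why the parser collects string arguments across all resolver calls instead of trusting the second argument of GetProcAddress.

```python
"""Parse Joe Sandbox per-function API records and pull out the Windows
exports the sample resolves by name at run time. Sample lines are copied
from the report's function listing."""
import re
from collections import defaultdict

SAMPLE = """\
• Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 00453210
• Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
• Part of subcall function 00464468: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,0049878A), ref: 00464477
• Part of subcall function 00464468: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 0046447D
• GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00483B5B
• Part of subcall function 00483560: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483594
• LoadLibraryExA.KERNEL32(00000000,00000000,00000008,?,?,00000000,00448709), ref: 0044864C
• GetProcAddress.KERNEL32(00000000,00000000), ref: 004486CD
"""

# One record line; the leading bullet and the "Part of subcall" prefix are optional.
LINE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<callee>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
HEX_SLOT = re.compile(r"^[0-9A-Fa-f]{8}$")

# APIs whose string arguments name a module or an export (my own list, not the report's).
RESOLVERS = {"GetProcAddress", "GetModuleHandleA", "GetModuleHandleW",
             "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}


def parse(text):
    """Return one dict per record line (callee, api, module, args, ref); other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        # Each slot is an 8-hex-digit value, '?' for unknown, or a string the sandbox recovered.
        rec["args"] = [a.strip() for a in rec["args"].split(",")] if rec["args"] else []
        records.append(rec)
    return records


def string_args(rec):
    """Only the recovered string slots, dropping numeric and unknown ones."""
    return [a for a in rec["args"] if a != "?" and not HEX_SLOT.match(a)]


def dynamic_imports(text):
    """Return (modules, exports) seen as string arguments of resolver calls.
    Strings are gathered across all resolver records because the printed slots are
    raw stack contents: an export name may sit on the GetModuleHandleA line and the
    module name on the following GetProcAddress line."""
    modules, exports = set(), set()
    for rec in parse(text):
        if rec["api"] not in RESOLVERS:
            continue
        for s in string_args(rec):
            (modules if s.lower().endswith(".dll") else exports).add(s)
    return modules, exports


def unresolved_by_name(text):
    """ref addresses of GetProcAddress calls with no string slot at all: the export
    was passed by ordinal or from a buffer the sandbox could not recover."""
    return [rec["ref"] for rec in parse(text)
            if rec["api"] == "GetProcAddress" and not string_args(rec)]


def calls_by_function(text):
    """Group 'Api@ref' labels by subcall function address (None = the record's own function)."""
    grouped = defaultdict(list)
    for rec in parse(text):
        grouped[rec["callee"]].append(f'{rec["api"]}@{rec["ref"]}')
    return dict(grouped)


if __name__ == "__main__":
    mods, exps = dynamic_imports(SAMPLE)
    print("modules loaded/looked up:", sorted(mods))
    print("exports resolved by name:", sorted(exps))
    print("GetProcAddress without a visible name at:", unresolved_by_name(SAMPLE))
    for func, calls in calls_by_function(SAMPLE).items():
        print(func or "<this function>", calls)
```

Run against the whole "APIs" section of a report rather than the eight lines embedded here, the export set is the sample's hidden import table and the `unresolved_by_name` hits are the GetProcAddress sites to open first in the disassembly, since a name the sandbox could not print usually means it was built at run time.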
                                                                                        APIs
                                                                                        • GetSystemMenu.USER32(00000000,00000000,00000000,00481898), ref: 00481830
                                                                                        • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 00481841
                                                                                        • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00481859
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Menu$Append$System
                                                                                        • String ID:
                                                                                        • API String ID: 1489644407-0
                                                                                        • Opcode ID: d933746ff7b66401e606975732ccc260a02719cdd81df1f2e9532199b1c22675
                                                                                        • Instruction ID: 2579a7d5db53e33ee4863251c1290a2b13440539eb68b17f0e677d1311332c65
                                                                                        • Opcode Fuzzy Hash: d933746ff7b66401e606975732ccc260a02719cdd81df1f2e9532199b1c22675
                                                                                        • Instruction Fuzzy Hash: A131A3307043445AD721BB769C83B6E3B989F55718F54587FF8009A2E3CA7C9D0A879D
                                                                                        APIs
                                                                                        • GetDC.USER32(00000000), ref: 0044B401
                                                                                        • SelectObject.GDI32(?,00000000), ref: 0044B424
                                                                                        • ReleaseDC.USER32(00000000,?), ref: 0044B457
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ObjectReleaseSelect
                                                                                        • String ID:
                                                                                        • API String ID: 1831053106-0
                                                                                        • Opcode ID: 71686dd1bf2aceb477ce3f8db4b541325f82ff5bc32dc74031120fde16d0cea8
                                                                                        • Instruction ID: 242bcfed98594cbdcf51f2854abe94a1ec69c13560e3a72339b9f4254961cc58
                                                                                        • Opcode Fuzzy Hash: 71686dd1bf2aceb477ce3f8db4b541325f82ff5bc32dc74031120fde16d0cea8
                                                                                        • Instruction Fuzzy Hash: 62216570A04248AFEB15DFA6C841B9F7BB9DB49304F11806AF904A7682D778D940CB59
                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044B14C,?,004820C7,?,?), ref: 0044B11E
                                                                                        • DrawTextW.USER32(?,?,00000000,?,?), ref: 0044B131
                                                                                        • DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044B165
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: DrawText$ByteCharMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 65125430-0
                                                                                        • Opcode ID: 48900d8d8fc19135f8d19aada3e9e9d8d34cb92564939e70bb5bc2663f887e99
                                                                                        • Instruction ID: fec6fabf6d030a51aab30bc406273ff78954f96defe81b00f374268ef7e1f253
                                                                                        • Opcode Fuzzy Hash: 48900d8d8fc19135f8d19aada3e9e9d8d34cb92564939e70bb5bc2663f887e99
                                                                                        • Instruction Fuzzy Hash: 2A11CBB27046047FEB00DB6A9C91D6F77ECDB49750F10817BF504D72D0D6399E018669
                                                                                        APIs
                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00424412
                                                                                        • TranslateMessage.USER32(?), ref: 0042448F
                                                                                        • DispatchMessageA.USER32(?), ref: 00424499
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$DispatchPeekTranslate
                                                                                        • String ID:
                                                                                        • API String ID: 4217535847-0
                                                                                        • Opcode ID: d4f7142ddfb2041a0388c754ad29f8297397d1c5d5a6fc901d04af05902ad934
                                                                                        • Instruction ID: 8eae6dca0d2455523dd27ca57e4683f6da326f6f2f90499d04ddbfd693f83f9d
                                                                                        • Opcode Fuzzy Hash: d4f7142ddfb2041a0388c754ad29f8297397d1c5d5a6fc901d04af05902ad934
                                                                                        • Instruction Fuzzy Hash: E3116D303043205AEB20FA24A941B9F73D4DFC5758F80481EFC99972C2D77D9D49879A
                                                                                        APIs
                                                                                        • SetPropA.USER32(00000000,00000000), ref: 0041666A
                                                                                        • SetPropA.USER32(00000000,00000000), ref: 0041667F
                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,00000000,00000000,?,00000000,00000000), ref: 004166A6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Prop$Window
                                                                                        • String ID:
                                                                                        • API String ID: 3363284559-0
                                                                                        • Opcode ID: ff8df5d04f2ecdb5f17762fdbd8b59dc717163ef82ea70d213bab306533cf9bb
                                                                                        • Instruction ID: 6913c5f2d07602d921388148e43cadd8ab2d6729f30613f48e4cae6714e3bc13
                                                                                        • Opcode Fuzzy Hash: ff8df5d04f2ecdb5f17762fdbd8b59dc717163ef82ea70d213bab306533cf9bb
                                                                                        • Instruction Fuzzy Hash: ACF01271701210ABDB10AB599C85FA732DCAB09714F16057AB905EF286C778DC40C7A8
                                                                                        APIs
                                                                                        • IsWindowVisible.USER32(?), ref: 0041EE64
                                                                                        • IsWindowEnabled.USER32(?), ref: 0041EE6E
                                                                                        • EnableWindow.USER32(?,00000000), ref: 0041EE94
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$EnableEnabledVisible
                                                                                        • String ID:
                                                                                        • API String ID: 3234591441-0
                                                                                        • Opcode ID: 495d6a49dc4b54b7e424eeae3cce025a94256eba33976185de8149e812397146
                                                                                        • Instruction ID: 3b4cb379701a2ac24b7d0c87bf9454d2e26b3d0fb89a85d5a5a22e513a73856b
                                                                                        • Opcode Fuzzy Hash: 495d6a49dc4b54b7e424eeae3cce025a94256eba33976185de8149e812397146
                                                                                        • Instruction Fuzzy Hash: EAE06DB5100301AAE301AB2BDC81B5B7A9CAB54350F05843BA9089B292D63ADC408B7C
                                                                                        APIs
                                                                                        • SetActiveWindow.USER32(?), ref: 00469EA1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ActiveWindow
                                                                                        • String ID: PrepareToInstall
                                                                                        • API String ID: 2558294473-1101760603
                                                                                        • Opcode ID: e58a16817a64f5759f31888600c1354bb1a8a8b494c3c93af2f1dbc242ca25c6
                                                                                        • Instruction ID: ccacc6dcba8b8cbbfa1c17f86b27e08b0c11e5798d11daccd90c331c988b02c3
                                                                                        • Opcode Fuzzy Hash: e58a16817a64f5759f31888600c1354bb1a8a8b494c3c93af2f1dbc242ca25c6
                                                                                        • Instruction Fuzzy Hash: 7EA11934A00109DFCB00EF59D986EDEB7F5AF48304F6580B6E404AB366D778AE41DB99
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: /:*?"<>|
                                                                                        • API String ID: 0-4078764451
                                                                                        • Opcode ID: 43277fb1c717e2606564b112b1b0681d416f5021830c97b09ce096e65d7cf365
                                                                                        • Instruction ID: 1e87f3d38ec7dbf16fc1afa4daea9e6ca85b65b9a8fb7c68475855461939e3a0
                                                                                        • Opcode Fuzzy Hash: 43277fb1c717e2606564b112b1b0681d416f5021830c97b09ce096e65d7cf365
                                                                                        • Instruction Fuzzy Hash: 4371A470A40214ABDB10EB66DDD2BEE77A19F40308F1084A7F580AB392E779AD45875F
                                                                                        APIs
                                                                                        • SetActiveWindow.USER32(?), ref: 0048215A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ActiveWindow
                                                                                        • String ID: InitializeWizard
                                                                                        • API String ID: 2558294473-2356795471
                                                                                        • Opcode ID: 376233a1d1dddbf1dd43b25fae561af2bf40b6633c4dd7a0e8b1389a7c4343be
                                                                                        • Instruction ID: 36b0f45b5e581da985bac651985c8aaa8d6a9bed6a39233588f506be3a995c8b
                                                                                        • Opcode Fuzzy Hash: 376233a1d1dddbf1dd43b25fae561af2bf40b6633c4dd7a0e8b1389a7c4343be
                                                                                        • Instruction Fuzzy Hash: 79119434205200AFD701FBA9EEDAB1937E4EB59328F60047BF5009B6A1DA796C00CB5D
                                                                                        APIs
                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                        • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,0047C230,00000000,0047C432), ref: 0047C029
                                                                                        Strings
                                                                                        • Software\Microsoft\Windows\CurrentVersion, xrefs: 0047BFF9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpen
                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion
                                                                                        • API String ID: 47109696-1019749484
                                                                                        • Opcode ID: 91d5c32787d00ddb3ecc29a404e36154aacf37a6ecdb6076e024b20848598476
                                                                                        • Instruction ID: 5930872802659161668f2fc27ec2b8a5c579264ce8ecaca434dd7baa373bea44
                                                                                        • Opcode Fuzzy Hash: 91d5c32787d00ddb3ecc29a404e36154aacf37a6ecdb6076e024b20848598476
                                                                                        • Instruction Fuzzy Hash: B1F08231700514A7DA00A69E6D82B9BA79D9B84758F20403FF508DB242DABE9E0202EC
                                                                                        APIs
                                                                                        • RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,00475FFE,?,0049C1DC,?,0046EFCF,?,00000000,0046F56A,?,_is1), ref: 0046ECDB
                                                                                        Strings
                                                                                        • Inno Setup: Setup Version, xrefs: 0046ECD9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID: Inno Setup: Setup Version
                                                                                        • API String ID: 3702945584-4166306022
                                                                                        • Opcode ID: 56bbb1f4a6cd77c20b542710a526df67742b244f3cd53e0af7fea37619b23a66
                                                                                        • Instruction ID: 3111e2ab1a00cbee8849f506c2bc3fe53732bb3e30b7299e44938699edfd3f7c
                                                                                        • Opcode Fuzzy Hash: 56bbb1f4a6cd77c20b542710a526df67742b244f3cd53e0af7fea37619b23a66
                                                                                        • Instruction Fuzzy Hash: 71E06D753012043FE710AA2B9C85F5BBBDCDF99765F10403AB909DB392D978DD0085A8
                                                                                        APIs
                                                                                        • RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F3A6,?,?,00000000,0046F56A,?,_is1,?), ref: 0046ED3B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID: NoModify
                                                                                        • API String ID: 3702945584-1699962838
                                                                                        • Opcode ID: 306e8526e04bb1da42350282118940b5300f429dbb2620f70078b8bfc6bd1a7c
                                                                                        • Instruction ID: e7aa99f2e089c5623e338f59092b711216c244eb116ac0446a77828d65f342ac
                                                                                        • Opcode Fuzzy Hash: 306e8526e04bb1da42350282118940b5300f429dbb2620f70078b8bfc6bd1a7c
                                                                                        • Instruction Fuzzy Hash: 3AE04FB4640304BFEB04DB55CD4AF6B77ECDB48710F104059BA049B291E674FE00CA68
                                                                                        APIs
                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                        Strings
                                                                                        • System\CurrentControlSet\Control\Windows, xrefs: 0042DE36
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Open
                                                                                        • String ID: System\CurrentControlSet\Control\Windows
                                                                                        • API String ID: 71445658-1109719901
                                                                                        • Opcode ID: a11f376e1d034aeb0d9ae53f60934921bcd728bb93d306f1768079d63b1ffdfe
                                                                                        • Instruction ID: 60e43675bb36a9eef4a15598a1848ca3f705ecc445ee8c9fe52fc6b05f1352bb
                                                                                        • Opcode Fuzzy Hash: a11f376e1d034aeb0d9ae53f60934921bcd728bb93d306f1768079d63b1ffdfe
                                                                                        • Instruction Fuzzy Hash: 29D09E72950128BB9B009A89DC41DFB775DDB15760F45441BF9049B141C5B4AC5197E4
                                                                                        APIs
                                                                                        • GetACP.KERNEL32(?,?,00000001,00000000,0047E237,?,-0000001A,004800ED,-00000010,?,00000004,0000001B,00000000,0048043A,?,0045D9B8), ref: 0047DFCE
                                                                                          • Part of subcall function 0042E31C: GetDC.USER32(00000000), ref: 0042E32B
                                                                                          • Part of subcall function 0042E31C: EnumFontsA.GDI32(?,00000000,0042E308,00000000,00000000,0042E374,?,00000000,00000000,004804A1,?,?,00000001,00000000,00000002,00000000), ref: 0042E356
                                                                                          • Part of subcall function 0042E31C: ReleaseDC.USER32(00000000,?), ref: 0042E36E
                                                                                        • SendNotifyMessageA.USER32(00020456,00000496,00002711,-00000001), ref: 0047E19E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: EnumFontsMessageNotifyReleaseSend
                                                                                        • String ID:
                                                                                        • API String ID: 2649214853-0
                                                                                        • Opcode ID: e029a571d7ea910feaf489f47ebd39d374a0288316229fc386b1e2e4e1e2ac40
                                                                                        • Instruction ID: 52cd92918bf59317d76ec0dbded9268cc5ddbf6ebeab8dbad6023b52803fe890
                                                                                        • Opcode Fuzzy Hash: e029a571d7ea910feaf489f47ebd39d374a0288316229fc386b1e2e4e1e2ac40
                                                                                        • Instruction Fuzzy Hash: 045196746001108BC710FF26D981A9B37E9EB58308B90C67BA4089B3A7CB7CDD46CB9D
                                                                                        APIs
                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,0042DD38), ref: 0042DC3C
                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,70000000,?,?,00000000,?,00000000,?,00000000,0042DD38), ref: 0042DCAC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        • Opcode ID: b62dc44b296d1c54c0416b8d239270b5fe200a79a82432283709fd1da487490f
                                                                                        • Instruction ID: 5bd1c55a509b6dee259ffcee94d68868fe84ce326e73fb4cf6662c4527ef549e
                                                                                        • Opcode Fuzzy Hash: b62dc44b296d1c54c0416b8d239270b5fe200a79a82432283709fd1da487490f
                                                                                        • Instruction Fuzzy Hash: 9D414171E00529ABDB11DF95D881BAFB7B8EB04704F918466E810F7241D778AE00CBA5
                                                                                        APIs
                                                                                        • RegEnumKeyExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,0042DFD6,?,?,00000008,00000000,00000000,0042E003), ref: 0042DF6C
                                                                                        • RegCloseKey.ADVAPI32(?,0042DFDD,?,00000000,00000000,00000000,00000000,00000000,0042DFD6,?,?,00000008,00000000,00000000,0042E003), ref: 0042DFD0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseEnum
                                                                                        • String ID:
                                                                                        • API String ID: 2818636725-0
                                                                                        • Opcode ID: 4ba9105902ea8f19abce0b58cfd6361b4b3e39fae621ffe28cce2eb109bf1346
                                                                                        • Instruction ID: d62689c7b7995b9893119ef97773413105dd68debc8ff02f2d4f9d8a28cc91ff
                                                                                        • Opcode Fuzzy Hash: 4ba9105902ea8f19abce0b58cfd6361b4b3e39fae621ffe28cce2eb109bf1346
                                                                                        • Instruction Fuzzy Hash: DD31B270F04258AEDB11DFA6DD42BAEBBB9EB49304F91407BE501E6280D6785E01CA2D
                                                                                        APIs
                                                                                        • CreateProcessA.KERNEL32(00000000,00000000,?,?,004580C8,00000000,004580B0,?,?,?,00000000,00452862,?,?,?,00000001), ref: 0045283C
                                                                                        • GetLastError.KERNEL32(00000000,00000000,?,?,004580C8,00000000,004580B0,?,?,?,00000000,00452862,?,?,?,00000001), ref: 00452844
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateErrorLastProcess
                                                                                        • String ID:
                                                                                        • API String ID: 2919029540-0
                                                                                        • Opcode ID: 32d7980bd8ec2bee900e92c865b72ef71cfaa45d55aa0c85c0401d49ed696f28
                                                                                        • Instruction ID: fcc055d8c1a696a2a0db1e32a085008d871673fec5534948229a16d4440eefa6
                                                                                        • Opcode Fuzzy Hash: 32d7980bd8ec2bee900e92c865b72ef71cfaa45d55aa0c85c0401d49ed696f28
                                                                                        • Instruction Fuzzy Hash: A2113C72600208AF8B40DEA9DD41D9F77ECEB4E310B114567FD18D3241D678EE148B68
                                                                                        APIs
                                                                                        • FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0040ADF2
                                                                                        • FreeResource.KERNEL32(00000000,00400000,00000000,0000000A,F0E80040,00000000,?,?,0040AF4F,00000000,0040AF67,?,?,?,00000000), ref: 0040AE03
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Resource$FindFree
                                                                                        • String ID:
                                                                                        • API String ID: 4097029671-0
                                                                                        • Opcode ID: 724046dbf40c25189cee710f776ecaa222692b14a71540f68148777f5d1b7dbd
                                                                                        • Instruction ID: 3d7a77417cef7b3885e8747e4544195f2de945da78ee84bb1155330bb8f828e3
                                                                                        • Opcode Fuzzy Hash: 724046dbf40c25189cee710f776ecaa222692b14a71540f68148777f5d1b7dbd
                                                                                        • Instruction Fuzzy Hash: 0301F771300700AFD700FF69EC52E1B77EDDB46714710807AF500AB3D1D639AC10966A
                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0041EEF3
                                                                                        • EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Thread$CurrentEnumWindows
                                                                                        • String ID:
                                                                                        • API String ID: 2396873506-0
                                                                                        • Opcode ID: 30aad164e0a195eeb96462141dc827bf49acbc8680001675c00c89b7ac155170
                                                                                        • Instruction ID: bcaa23655132f8f2785c0a842f21b48ac99b37e3223c43442b01e3940dbd0cdf
                                                                                        • Opcode Fuzzy Hash: 30aad164e0a195eeb96462141dc827bf49acbc8680001675c00c89b7ac155170
                                                                                        • Instruction Fuzzy Hash: 31015B76A04604BFD706CF6BEC1199ABBE8E789720B22887BEC04D3690E7355C10DF18
                                                                                        APIs
                                                                                        • MoveFileA.KERNEL32(00000000,00000000), ref: 00452CC2
                                                                                        • GetLastError.KERNEL32(00000000,00000000,00000000,00452CE8), ref: 00452CCA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLastMove
                                                                                        • String ID:
                                                                                        • API String ID: 55378915-0
                                                                                        • Opcode ID: 92f277caa9c3c56662d1ce6f28aaa0531c95695199337b3952b9b7b9e7465d28
                                                                                        • Instruction ID: 1f9035ddd188b097fe3d15476f32cd7793c58c8f4df07880d9fc6ba60e4ff235
                                                                                        • Opcode Fuzzy Hash: 92f277caa9c3c56662d1ce6f28aaa0531c95695199337b3952b9b7b9e7465d28
                                                                                        • Instruction Fuzzy Hash: 9401D671A04208AB8712EB799D4149EB7ECEB8A32575045BBFC04E3243EA785E048558
                                                                                        APIs
                                                                                        • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,004527CF), ref: 004527A9
                                                                                        • GetLastError.KERNEL32(00000000,00000000,00000000,004527CF), ref: 004527B1
                                                                                        Similarity
                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 1375471231-0
                                                                                        • Opcode ID: 6f9ba9aa6754c9e5f92aa980ec9340f602ab7068810135e8d813bbe39961caa9
                                                                                        • Instruction ID: e3b373b60118a844676bb749001e6832c3b26a50706decb61b3ae2e0e224b701
                                                                                        • Opcode Fuzzy Hash: 6f9ba9aa6754c9e5f92aa980ec9340f602ab7068810135e8d813bbe39961caa9
                                                                                        • Instruction Fuzzy Hash: 40F02871A00308BBCB01EF759D4259EB7E8EB4E311B2045B7FC04E3642E6B94E04859C
                                                                                        APIs
                                                                                        • LoadCursorA.USER32(00000000,00007F00), ref: 00423249
                                                                                        • LoadCursorA.USER32(00000000,00000000), ref: 00423273
                                                                                        Similarity
                                                                                        • API ID: CursorLoad
                                                                                        • String ID:
                                                                                        • API String ID: 3238433803-0
                                                                                        • Opcode ID: 0c9a104e89a33193f60416200903d3bd70bbd31149720632682593485f60625b
                                                                                        • Instruction ID: 5e34cf6406f075c2c63d733b1f02ef4b9a88184ee1572dc0f3c8875cc615d59b
                                                                                        • Opcode Fuzzy Hash: 0c9a104e89a33193f60416200903d3bd70bbd31149720632682593485f60625b
                                                                                        • Instruction Fuzzy Hash: 9EF0A711B04254AADA109E7E6CC0D6B72A8DF82735B61037BFA3EC72D1C62E1D414569
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                        • LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                        Similarity
                                                                                        • API ID: ErrorLibraryLoadMode
                                                                                        • String ID:
                                                                                        • API String ID: 2987862817-0
                                                                                        • Opcode ID: 4bb5710dc3172506f3a82e57bec548632d1945d06b3d92e94bd16d63dfaa8550
                                                                                        • Instruction ID: 14c2566281f292fbf4bc3f3871eddb8f7eb4f11f4d1149329263d7d1c8790498
                                                                                        • Opcode Fuzzy Hash: 4bb5710dc3172506f3a82e57bec548632d1945d06b3d92e94bd16d63dfaa8550
                                                                                        • Instruction Fuzzy Hash: 02F08970B147447FDB119F779CA241BBBECDB49B1175249B6F800A3591E53C4910C928
                                                                                        APIs
                                                                                        • SHGetKnownFolderPath.SHELL32(00499D2C,00008000,00000000,?), ref: 0047C38B
                                                                                        • CoTaskMemFree.OLE32(?,0047C3CE), ref: 0047C3C1
                                                                                        Similarity
                                                                                        • API ID: FolderFreeKnownPathTask
                                                                                        • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                        • API String ID: 969438705-544719455
                                                                                        • Opcode ID: f6c6a059b63e4d54008f1ffce5751a4521167e095c9041d7631769de42763c2c
                                                                                        • Instruction ID: 7faaca218829a84c9f3570f99a5fa1a3454177a5e5567d2e8256f64c4bc7b3ab
                                                                                        • Opcode Fuzzy Hash: f6c6a059b63e4d54008f1ffce5751a4521167e095c9041d7631769de42763c2c
                                                                                        • Instruction Fuzzy Hash: 77E09B31340604AFEB219B619C92B6D77ACE744B00B718477F900E26C0D67CAD14991C
                                                                                        APIs
                                                                                        • SetFilePointer.KERNEL32(?,00000000,?,00000002,?,?,0046FFBD,?,00000000), ref: 0045090E
                                                                                        • GetLastError.KERNEL32(?,00000000,?,00000002,?,?,0046FFBD,?,00000000), ref: 00450916
                                                                                          • Part of subcall function 004506B4: GetLastError.KERNEL32(004504D0,00450776,?,00000000,?,0049799C,00000001,00000000,00000002,00000000,00497AFD,?,?,00000005,00000000,00497B31), ref: 004506B7
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$FilePointer
                                                                                        • String ID:
                                                                                        • API String ID: 1156039329-0
                                                                                        • Opcode ID: ec46a7bc9e5a7a34518fa7989fb6988307d7ef9dfce9dbcd61575ad1106d4b51
                                                                                        • Instruction ID: 32d43412562f4d6ab64aa8be608e77008e370c57458e4df53f7444e76f76d0cb
                                                                                        • Opcode Fuzzy Hash: ec46a7bc9e5a7a34518fa7989fb6988307d7ef9dfce9dbcd61575ad1106d4b51
                                                                                        • Instruction Fuzzy Hash: 0EE012E93042015BF700EA6599C1B2F22DCDB44315F00446ABD44CA28BE678CC048B29
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A
                                                                                        Similarity
                                                                                        • API ID: Virtual$AllocFree
                                                                                        • String ID:
                                                                                        • API String ID: 2087232378-0
                                                                                        • Opcode ID: 94577317c2bcd4d3a70d22c0b2f2fc78c72c60cff144ef5375d29febf27e2799
                                                                                        • Instruction ID: 119661fe7174a079321c86e78af40791ac039b5eb8373b45468023a5ba433726
                                                                                        • Opcode Fuzzy Hash: 94577317c2bcd4d3a70d22c0b2f2fc78c72c60cff144ef5375d29febf27e2799
                                                                                        • Instruction Fuzzy Hash: F7F08272A0063067EB60596A4C81B5359859BC5B94F154076FD09FF3E9D6B58C0142A9
                                                                                        APIs
                                                                                        • GetSystemDefaultLCID.KERNEL32(00000000,00408712), ref: 004085FB
                                                                                          • Part of subcall function 00406DEC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00406E09
                                                                                          • Part of subcall function 00408568: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                                                        Similarity
                                                                                        • API ID: DefaultInfoLoadLocaleStringSystem
                                                                                        • String ID:
                                                                                        • API String ID: 1658689577-0
                                                                                        • Opcode ID: 92125e52594e5bc8ee6d97e09480d95589045c4468e862feaba19903f63d3f1d
                                                                                        • Instruction ID: 9026c6f0acc6bf601755118861b832b1e3c4c92574a9a05948c89544872af2a3
                                                                                        • Opcode Fuzzy Hash: 92125e52594e5bc8ee6d97e09480d95589045c4468e862feaba19903f63d3f1d
                                                                                        • Instruction Fuzzy Hash: 47314E35E00109ABCB00EB55CC819EEB779EF84314F558577E815BB286EB38AA018B98
                                                                                        APIs
                                                                                        • SetScrollInfo.USER32(00000000,?,?,00000001), ref: 0041FC39
                                                                                        Similarity
                                                                                        • API ID: InfoScroll
                                                                                        • String ID:
                                                                                        • API String ID: 629608716-0
                                                                                        • Opcode ID: a0ce2aaa01497ac04468ea6ac7a83421c49688bcbeeff2d3e991700215f3b25f
                                                                                        • Instruction ID: 6365c2cd079840e4170b7c9ce409c3d873e807bce8729d2e10e5c00059922083
                                                                                        • Opcode Fuzzy Hash: a0ce2aaa01497ac04468ea6ac7a83421c49688bcbeeff2d3e991700215f3b25f
                                                                                        • Instruction Fuzzy Hash: D8214FB1608746AFC351DF3984407A6BBE4BB48344F14893EE498C3741E778E99ACBD6
                                                                                        APIs
                                                                                          • Part of subcall function 0041EEA4: GetCurrentThreadId.KERNEL32 ref: 0041EEF3
                                                                                          • Part of subcall function 0041EEA4: EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
                                                                                        • SHPathPrepareForWriteA.SHELL32(00000000,00000000,00000000,00000000,00000000,0046C322,?,00000000,?,?,0046C534,?,00000000,0046C5A8), ref: 0046C306
                                                                                          • Part of subcall function 0041EF58: IsWindow.USER32(?), ref: 0041EF66
                                                                                          • Part of subcall function 0041EF58: EnableWindow.USER32(?,00000001), ref: 0041EF75
                                                                                        Similarity
                                                                                        • API ID: ThreadWindow$CurrentEnableEnumPathPrepareWindowsWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3319771486-0
                                                                                        • Opcode ID: 372a16360b70271e3fbe54b3c8c2dd1bf1f72266d056807abca4c83ddb60c27c
                                                                                        • Instruction ID: ca087fa44df162080e90021c0b7c07397410ce2cdc620b11c20c1b42f9b7769a
                                                                                        • Opcode Fuzzy Hash: 372a16360b70271e3fbe54b3c8c2dd1bf1f72266d056807abca4c83ddb60c27c
                                                                                        • Instruction Fuzzy Hash: 93F0B470204300BFEB059FA6ED96B2576D8D748714FA1443BF904C6290E57D5880852E
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: FileWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3934441357-0
                                                                                        • Opcode ID: d61e7892e696cd19dbec5936e1f60c0eb1c4f94c101f5f53d8ed807e2bb541d1
                                                                                        • Instruction ID: 51b66c86ab1fb2ed9abdb0db83839a26410808368eb32e0cb4295e2ee82716ff
                                                                                        • Opcode Fuzzy Hash: d61e7892e696cd19dbec5936e1f60c0eb1c4f94c101f5f53d8ed807e2bb541d1
                                                                                        • Instruction Fuzzy Hash: 09F04970608109EBBB1CCF58D0618AF7BA0EB48300F2080AFE907C7BA0D634AA80D658
                                                                                        APIs
                                                                                        • CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,00000000,00400000,?), ref: 00416585
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateWindow
                                                                                        • String ID:
                                                                                        • API String ID: 716092398-0
                                                                                        • Opcode ID: b152e844846ae8a52721441d180559fdf16f7956a15d86c9ff4cf0dcda8b9698
                                                                                        • Instruction ID: 158b8484bb218b41c698b3aa21f26e2dd86497bc01e640ef524e7c8f4c0ee3c6
                                                                                        • Opcode Fuzzy Hash: b152e844846ae8a52721441d180559fdf16f7956a15d86c9ff4cf0dcda8b9698
                                                                                        • Instruction Fuzzy Hash: 4BF019B2200510AFDB84DE9CD9C0F9773ECEB0C210B0481A6FA08CB21AD220EC108BB0
                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004149EF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        • Opcode ID: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
                                                                                        • Instruction ID: 59ac3629b8f45f7a6bca1b57e2bf54285868c68ba6336e642f1ef9b7bb8d2b05
                                                                                        • Opcode Fuzzy Hash: 9e73aedc2ede48524128b4fba7c94cddd86b5e43f4b9cee2e76a3e9f018a4363
                                                                                        • Instruction Fuzzy Hash: B2F0DA762042019FC740DF6CC8C488A77E5FF89255B5546A9F989CB356C731EC54CB91
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00450804
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: ce99838f7be0491c6923214398908b2fd93372403a84c7b432a549debe4dc153
                                                                                        • Instruction ID: 52eb814c7c241dc182afdc6c3e242d4e4c9a4e6d94000e289351c80ae23ff87c
                                                                                        • Opcode Fuzzy Hash: ce99838f7be0491c6923214398908b2fd93372403a84c7b432a549debe4dc153
                                                                                        • Instruction Fuzzy Hash: 53E012B53541483EE780EEAD6C42F9777DC971A714F008037B998D7341D461DD158BA8
                                                                                        APIs
                                                                                        • GetFileAttributesA.KERNEL32(00000000,00000000,0042CD14,?,00000001,?,?,00000000,?,0042CD66,00000000,00452A25,00000000,00452A46,?,00000000), ref: 0042CCF7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        • Opcode ID: 2e3447488e8940f063bbcfc4a9008e9bc81ad59ac090e4e62a8f5aa92ecca264
                                                                                        • Instruction ID: d3c11148bbbe1678040d416a6bc301cfea82702c80b798926358c5e84281cc0e
                                                                                        • Opcode Fuzzy Hash: 2e3447488e8940f063bbcfc4a9008e9bc81ad59ac090e4e62a8f5aa92ecca264
                                                                                        • Instruction Fuzzy Hash: 80E065B1304304BFD701EB66EC92A5EBAACDB49754BA14876B50097592D5B86E008468
                                                                                        APIs
                                                                                        • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FormatMessage
                                                                                        • String ID:
                                                                                        • API String ID: 1306739567-0
                                                                                        • Opcode ID: 07eb917982e44065cc90d67cadef310e262c4caec6bcfbb1197f6d5f5d2cfc19
                                                                                        • Instruction ID: fbc307da5c1359fbfbc351051067b699ae1438aedf6613c80dda169529e76e7e
                                                                                        • Opcode Fuzzy Hash: 07eb917982e44065cc90d67cadef310e262c4caec6bcfbb1197f6d5f5d2cfc19
                                                                                        • Instruction Fuzzy Hash: BCE0206278431116F2353416AC47B77150E43C0708F944027BB90DF3D3D6AF9945D25E
                                                                                        APIs
                                                                                        • GetTextExtentPointA.GDI32(?,00000000,00000000), ref: 0041AF9B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExtentPointText
                                                                                        • String ID:
                                                                                        • API String ID: 566491939-0
                                                                                        • Opcode ID: fe3873e992a20e622ffaf78f93863b288a9be0a8311253c2d6346deae250c6a6
                                                                                        • Instruction ID: 6b43be1268843882f9474f888990ee0a0f71ddbfb678ee1088bae751a0726d8f
                                                                                        • Opcode Fuzzy Hash: fe3873e992a20e622ffaf78f93863b288a9be0a8311253c2d6346deae250c6a6
                                                                                        • Instruction Fuzzy Hash: E3E086F13097102BD600E67E1DC19DB77DC8A483697148177F458E7392D62DDE1A43AE
                                                                                        APIs
                                                                                        • CreateWindowExA.USER32(00000000,0042367C,00000000,94CA0000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00406311
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateWindow
                                                                                        • String ID:
                                                                                        • API String ID: 716092398-0
                                                                                        • Opcode ID: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
                                                                                        • Instruction ID: 53e57476791a39574122dfc8a3f58f2f78c4a621b5a82e38d1c80b15216a1e52
                                                                                        • Opcode Fuzzy Hash: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
                                                                                        • Instruction Fuzzy Hash: EEE0FEB2214209BBDB00DE8ADCC1DABB7ACFB4C654F808105BB1C972428275AC608B71
                                                                                        APIs
                                                                                        • RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE10
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create
                                                                                        • String ID:
                                                                                        • API String ID: 2289755597-0
                                                                                        • Opcode ID: 296f4a6b1841180fcb6525c1425398a2afe0618770c3240f8adf4a5c8222c494
                                                                                        • Instruction ID: 68673b5cf84413dff1d7ecec16939cb2303f89f305828e6cd22260af4b89741b
                                                                                        • Opcode Fuzzy Hash: 296f4a6b1841180fcb6525c1425398a2afe0618770c3240f8adf4a5c8222c494
                                                                                        • Instruction Fuzzy Hash: EDE07EB2610119AF9B40DE8CDC81EEB37ADAB1D350F404016FA08E7200C2B4EC519BB4
                                                                                        APIs
                                                                                        • FindClose.KERNEL32(00000000,000000FF,004707E0,00000000,004715F6,?,00000000,0047163F,?,00000000,00471778,?,00000000,?,00000000), ref: 00454C0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseFind
                                                                                        • String ID:
                                                                                        • API String ID: 1863332320-0
                                                                                        • Opcode ID: 7c8f6db93596433e8c6540ce52a48f0da3b0448ecaf471e45e9c42032ee7c2dc
                                                                                        • Instruction ID: 5c2dbd3a099336849a47a332199978da45cb785deb8a29a76394180ab3bc5383
                                                                                        • Opcode Fuzzy Hash: 7c8f6db93596433e8c6540ce52a48f0da3b0448ecaf471e45e9c42032ee7c2dc
                                                                                        • Instruction Fuzzy Hash: A1E09BB09097004BC715DF39858031A76D19FC9325F05C96AEC99CF3D7E77D84454617
                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(00495556,?,00495578,?,?,00000000,00495556,?,?), ref: 0041469B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        • Opcode ID: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
                                                                                        • Instruction ID: 3a83c41fa5c3d176b15f2666d2672a78f9af76d4247255e2ff0bda4df6ea0631
                                                                                        • Opcode Fuzzy Hash: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
                                                                                        • Instruction Fuzzy Hash: 59E012723001199F8250CE5EDC88C57FBEDEBC966130983A6F508C7306DA31EC44C7A0
                                                                                        APIs
                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406F24
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3934441357-0
                                                                                        • Opcode ID: 4c02731fe18b0a47ab7745946c5e8dd4c7dfafdb2aa22804bebcbb41d9412fbb
                                                                                        • Instruction ID: adeaf4ebd0e6cd94d64be6b3cb299443ba394f13a0b1cd3d8337db6b6af80796
                                                                                        • Opcode Fuzzy Hash: 4c02731fe18b0a47ab7745946c5e8dd4c7dfafdb2aa22804bebcbb41d9412fbb
                                                                                        • Instruction Fuzzy Hash: 53D012722091506AD220965A6C44EAB6BDCCBC5770F11063AB558C2181D7209C01C675
                                                                                        APIs
                                                                                          • Part of subcall function 004235F8: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 0042360D
                                                                                        • ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                          • Part of subcall function 00423628: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 00423644
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoParametersSystem$ShowWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3202724764-0
                                                                                        • Opcode ID: f1fbc87c7d3064a6cf4368d53b3e4c6ee974437194041f03c0195094467d5de5
                                                                                        • Instruction ID: 3e39ddd90fb628193caaea160b6f4ed5bf244f394cc2da11a07db6b12dca8b82
                                                                                        • Opcode Fuzzy Hash: f1fbc87c7d3064a6cf4368d53b3e4c6ee974437194041f03c0195094467d5de5
                                                                                        • Instruction Fuzzy Hash: 34D05E123821703142307ABB280699B46EC8D822EB389043BB5449B312ED5DCE01116C
                                                                                        APIs
                                                                                        • SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: TextWindow
                                                                                        • String ID:
                                                                                        • API String ID: 530164218-0
                                                                                        • Opcode ID: 968e2600307bd84f4d65718215a4df57ccfa9b7919b98356d7a542cd4e907fd2
                                                                                        • Instruction ID: e359d8c046b4275bb87a72ac3440150ee0889cd0e7de0465f76ccf46c1161c2e
                                                                                        • Opcode Fuzzy Hash: 968e2600307bd84f4d65718215a4df57ccfa9b7919b98356d7a542cd4e907fd2
                                                                                        • Instruction Fuzzy Hash: 81D05EE27011602BCB01BAED54C4AC667CC9B8D25AB1840BBF904EF257D638CE40C398
                                                                                        APIs
                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,0046769C,00000000,00000000,00000000,0000000C,00000000), ref: 004669CC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallbackDispatcherUser
                                                                                        • String ID:
                                                                                        • API String ID: 2492992576-0
                                                                                        • Opcode ID: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                                                                        • Instruction ID: a3a9c25b9c80179eca176ae0059a0aa24e3542550d9dc9bac8dced773014ab2a
                                                                                        • Opcode Fuzzy Hash: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                                                                        • Instruction Fuzzy Hash: 0ED09272210A109F8364CAADC9C4C97B3ECEF4C2213004659E54AC3B15D664FC018BA0
                                                                                        APIs
                                                                                        • GetFileAttributesA.KERNEL32(00000000,00000000,004515CB,00000000), ref: 0042CD2F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AttributesFile
                                                                                        • String ID:
                                                                                        • API String ID: 3188754299-0
                                                                                        • Opcode ID: 699a035a793c66476b33cfcb292e18e8433149420fa0246697406cd7a61acf8b
                                                                                        • Instruction ID: 53db4a1afaa3b7bebcc80daf879f764776582c58df104e6651e2d127eece83ed
                                                                                        • Opcode Fuzzy Hash: 699a035a793c66476b33cfcb292e18e8433149420fa0246697406cd7a61acf8b
                                                                                        • Instruction Fuzzy Hash: 48C08CE03222001A9E60A6BD2CC551F06CC891423A3A41E3BB129EB2E2D23D88162818
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,0040A6D4,0040CC80,?,00000000,?), ref: 00406EDD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: d487f09bce5ab2446fefe52ff91139140134d323c8d44495a9ab4cbc0f9c4527
                                                                                        • Instruction ID: fbce42704b7dd2fd8be74a622cf743b4adaa06f64be9adac3ea2875d17ee2119
                                                                                        • Opcode Fuzzy Hash: d487f09bce5ab2446fefe52ff91139140134d323c8d44495a9ab4cbc0f9c4527
                                                                                        • Instruction Fuzzy Hash: EAC048A13C130032F92035A60C87F16008C5754F0AE60C43AB740BF1C2D8E9A818022C
                                                                                        APIs
                                                                                        • SetEndOfFile.KERNEL32(?,?,0045C192,00000000,0045C31D,?,00000000,00000002,00000002), ref: 00450933
                                                                                          • Part of subcall function 004506B4: GetLastError.KERNEL32(004504D0,00450776,?,00000000,?,0049799C,00000001,00000000,00000002,00000000,00497AFD,?,?,00000005,00000000,00497B31), ref: 004506B7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileLast
                                                                                        • String ID:
                                                                                        • API String ID: 734332943-0
                                                                                        • Opcode ID: dfd6122944db5b319254e7b77af95d7469dcf5406d44b15aeae4525e96e42585
                                                                                        • Instruction ID: 9573b676cf6dd5fef234c73c81a1a5d02d78d5ca05287b50762f3c98dcfac2da
                                                                                        • Opcode Fuzzy Hash: dfd6122944db5b319254e7b77af95d7469dcf5406d44b15aeae4525e96e42585
                                                                                        • Instruction Fuzzy Hash: 1AC04CA5700211479F10A6BA85C1A0662D86A5D3157144066BD08CF207D668D8148A18
                                                                                        APIs
                                                                                        • SetCurrentDirectoryA.KERNEL32(00000000,?,0049792A,00000000,00497AFD,?,?,00000005,00000000,00497B31,?,?,00000000), ref: 004072B3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectory
                                                                                        • String ID:
                                                                                        • API String ID: 1611563598-0
                                                                                        • Opcode ID: 9cfe1b671e2ded52e2a4f1899edd371c25323ab6eac1b77aed394817f5a1d109
                                                                                        • Instruction ID: 2ee9fcf0c2ecb8048618371478a38130c752a95b947e2a8aefd026f579ab26ad
                                                                                        • Opcode Fuzzy Hash: 9cfe1b671e2ded52e2a4f1899edd371c25323ab6eac1b77aed394817f5a1d109
                                                                                        • Instruction Fuzzy Hash: 33B012E03D120A2BCA0079FE4CC192A00CC46292163401B3B3006EB1C3D83DC8180824
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(?,0042E40D), ref: 0042E400
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        • Opcode ID: cb8e2ebd86b0ac1182f6c4657d989dfa6a466ad308997f4b3834ff3b1e7758f7
                                                                                        • Instruction ID: 426ac138898b17598b25982f2c454791bd479401c65f9a69ae9baa170422678e
                                                                                        • Opcode Fuzzy Hash: cb8e2ebd86b0ac1182f6c4657d989dfa6a466ad308997f4b3834ff3b1e7758f7
                                                                                        • Instruction Fuzzy Hash: CDB09B7670C6105EE709D6D5B45552D63D4D7C57207E14477F010D2581D57D58054E18
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: DestroyWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3375834691-0
                                                                                        • Opcode ID: 1244af60e57b01067fe56da529b9c4312cbd500fa9ed17bad69dff1823a021af
                                                                                        • Instruction ID: 4f6e5339ba6c71e81ef5aec1f6829bfe42d3c8de95bc03762545e97b2cddf6f9
                                                                                        • Opcode Fuzzy Hash: 1244af60e57b01067fe56da529b9c4312cbd500fa9ed17bad69dff1823a021af
                                                                                        • Instruction Fuzzy Hash: 1AA00275501500AADA00E7B5D849F7E2298BB44204FD905F9714897056C57C99008B55
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4b311c6ba27037e114d2a0e0a4cc9575de8b4ed7f96be8eb5d2287752a4e0dd9
                                                                                        • Instruction ID: 41a6872630840156d23f43a697f0b10540748f54e9aa1b8241e7bbe25a2b1888
                                                                                        • Opcode Fuzzy Hash: 4b311c6ba27037e114d2a0e0a4cc9575de8b4ed7f96be8eb5d2287752a4e0dd9
                                                                                        • Instruction Fuzzy Hash: 73517574E002099FDB00EFA9C892AAFBBF5EB49314F50817AE500E7351DB389D41CB98
                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,0047DA68,?,?,?,?,00000000,00000000,00000000,00000000), ref: 0047DA22
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide
                                                                                        • String ID:
                                                                                        • API String ID: 626452242-0
                                                                                        • Opcode ID: f00937e419430fadacdfb08ba868c06bfaea8747007b4ff93a078d6954f67ca3
                                                                                        • Instruction ID: f29de2ad8c50687240b36adc22138c5273adba91495e2343049bdb371ee5aac2
                                                                                        • Opcode Fuzzy Hash: f00937e419430fadacdfb08ba868c06bfaea8747007b4ff93a078d6954f67ca3
                                                                                        • Instruction Fuzzy Hash: A051B6B0A14214AFDB10DF54D8C4B9ABBF8EF19308F108077E944A7391D738AE45CB6A
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDA4,?,0042388F,00423C0C,0041EDA4), ref: 0041F3E2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: f624f178b2757757f6ee0ed82108e7e17b49aa81eb1cfd09d0e3ddd3732ee692
                                                                                        • Instruction ID: 3312bc658de40493dbbbdb628fa1ac862c14c743cb2aabe02eeb7d71ec829e14
                                                                                        • Opcode Fuzzy Hash: f624f178b2757757f6ee0ed82108e7e17b49aa81eb1cfd09d0e3ddd3732ee692
                                                                                        • Instruction Fuzzy Hash: D5115A752007059BCB20DF19D880B82FBE5EF98390F10C53BE9688B385D3B4E8458BA9
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(00000000,0045302D), ref: 0045300F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast
                                                                                        • String ID:
                                                                                        • API String ID: 1452528299-0
                                                                                        • Opcode ID: 796ee09302341f2f0fe022b6b7ad64e2259239b3e6510a293da86372227c0e6a
                                                                                        • Instruction ID: b902f5f71593d0acd8113edc39c0d5725662cc955bae9521e0e34912f41e4d76
                                                                                        • Opcode Fuzzy Hash: 796ee09302341f2f0fe022b6b7ad64e2259239b3e6510a293da86372227c0e6a
                                                                                        • Instruction Fuzzy Hash: 850170356042486FC701DF699C008EEFBE8EB4D76171082B7FC24C3382D7345E059664
                                                                                        APIs
                                                                                        • VirtualFree.KERNEL32(?,?,00004000,?,?,?,?,?,00401973), ref: 00401766
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 1263568516-0
                                                                                        • Opcode ID: 3cb279d385dc81f8188aef87182d0a586e7f532f71175ddb5b892d42a5daf7f8
                                                                                        • Instruction ID: fd45504e6079eb3c344fd15592bdf3984e08e9418c18d248e8b2091ea2ac4f2a
                                                                                        • Opcode Fuzzy Hash: 3cb279d385dc81f8188aef87182d0a586e7f532f71175ddb5b892d42a5daf7f8
                                                                                        • Instruction Fuzzy Hash: A10120766443148FC3109F29EDC0E2677E8D794378F15453EDA85673A1D37A6C0187D8
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandle
                                                                                        • String ID:
                                                                                        • API String ID: 2962429428-0
                                                                                        • Opcode ID: 11f5b55454e2001d57305e4d26194660ee260494afc1ae4151642f59c6b90a28
                                                                                        • Instruction ID: 073c3129693101c5e7833b7ffa09eca8aa7a1e81ff9bb2ce6bcaaab03392c7d4
                                                                                        • Opcode Fuzzy Hash: 11f5b55454e2001d57305e4d26194660ee260494afc1ae4151642f59c6b90a28
                                                                                        • Instruction Fuzzy Hash:
                                                                                        APIs
                                                                                        • GetVersion.KERNEL32(?,00418FF0,00000000,?,?,?,00000001), ref: 0041F126
                                                                                        • SetErrorMode.KERNEL32(00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F142
                                                                                        • LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F14E
                                                                                        • SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F15C
                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F18C
                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1B5
                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1CA
                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1DF
                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1F4
                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F209
                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F21E
                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F233
                                                                                        • GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F248
                                                                                        • GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F25D
                                                                                        • FreeLibrary.KERNEL32(00000001,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F26F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$ErrorLibraryMode$FreeLoadVersion
                                                                                        • String ID: BtnWndProc3d$CTL3D32.DLL$Ctl3DColorChange$Ctl3dAutoSubclass$Ctl3dCtlColorEx$Ctl3dDlgFramePaint$Ctl3dRegister$Ctl3dSubclassCtl$Ctl3dSubclassDlgEx$Ctl3dUnAutoSubclass$Ctl3dUnregister
                                                                                        • API String ID: 2323315520-3614243559
                                                                                        • Opcode ID: 62814c6def9f01bce39a36d2c4270fbdb1234b3c2cb706e68bb71ccad2797809
                                                                                        • Instruction ID: e724c2aa341d6685c6ab1c4031cb88844a897dd828fe35f3324890dc483947ec
                                                                                        • Opcode Fuzzy Hash: 62814c6def9f01bce39a36d2c4270fbdb1234b3c2cb706e68bb71ccad2797809
                                                                                        • Instruction Fuzzy Hash: 8E314FB2640700ABEB01EBB9AC46A6B3794F328724741093FB508D7192D77C5C55CF5C
                                                                                        APIs
                                                                                        • GetTickCount.KERNEL32 ref: 0045847F
                                                                                        • QueryPerformanceCounter.KERNEL32(02163858,00000000,00458712,?,?,02163858,00000000,?,00458E0E,?,02163858,00000000), ref: 00458488
                                                                                        • GetSystemTimeAsFileTime.KERNEL32(02163858,02163858), ref: 00458492
                                                                                        • GetCurrentProcessId.KERNEL32(?,02163858,00000000,00458712,?,?,02163858,00000000,?,00458E0E,?,02163858,00000000), ref: 0045849B
                                                                                        • CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 00458511
                                                                                        • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,02163858,02163858), ref: 0045851F
                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00499B10,00000003,00000000,00000000,00000000,004586CE), ref: 00458567
                                                                                        • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,004586BD,?,00000000,C0000000,00000000,00499B10,00000003,00000000,00000000,00000000,004586CE), ref: 004585A0
                                                                                          • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                        • CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458649
                                                                                        • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0045867F
                                                                                        • CloseHandle.KERNEL32(000000FF,004586C4,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 004586B7
                                                                                          • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15,00000000), ref: 0045349F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                                                        • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                                                        • API String ID: 770386003-3271284199
                                                                                        • Opcode ID: 9504134f1b0840cae109e3ce12893ae1ca881710e7b52e2eec49e0a39d18bb41
                                                                                        • Instruction ID: 01244017a6d81f6d28e4b5174d8fffcdbc0783d4be9496fecaa57000614c8eca
                                                                                        • Opcode Fuzzy Hash: 9504134f1b0840cae109e3ce12893ae1ca881710e7b52e2eec49e0a39d18bb41
                                                                                        • Instruction Fuzzy Hash: 71711370A003449EDB10EF65CC45B9EBBF4EB15705F5084BAF918FB282DB7899448F69
                                                                                        APIs
                                                                                          • Part of subcall function 00477E90: GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02162BDC,?,?,?,02162BDC,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477EA9
                                                                                          • Part of subcall function 00477E90: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00477EAF
                                                                                          • Part of subcall function 00477E90: GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02162BDC,?,?,?,02162BDC,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477EC2
                                                                                          • Part of subcall function 00477E90: CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02162BDC,?,?,?,02162BDC), ref: 00477EEC
                                                                                          • Part of subcall function 00477E90: CloseHandle.KERNEL32(00000000,?,?,?,02162BDC,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477F0A
                                                                                          • Part of subcall function 00477F68: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00477FFA,?,?,?,02162BDC,?,0047805C,00000000,00478172,?,?,-00000010,?), ref: 00477F98
                                                                                        • ShellExecuteEx.SHELL32(0000003C), ref: 004780AC
                                                                                        • GetLastError.KERNEL32(00000000,00478172,?,?,-00000010,?), ref: 004780B5
                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00478102
                                                                                        • GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 00478126
                                                                                        • CloseHandle.KERNEL32(00000000,00478157,00000000,00000000,000000FF,000000FF,00000000,00478150,?,00000000,00478172,?,?,-00000010,?), ref: 0047814A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Handle$CloseFile$AddressAttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcProcessShellWait
                                                                                        • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                                                        • API String ID: 883996979-221126205
                                                                                        • Opcode ID: 3f9d2181694077b21b868e71eca94cf7724c1513c234160a79aee89dede81d9c
                                                                                        • Instruction ID: 4776828256a8cc8572350b5820200226dc7264e1f18f620f8b2e082d5f540a6f
                                                                                        • Opcode Fuzzy Hash: 3f9d2181694077b21b868e71eca94cf7724c1513c234160a79aee89dede81d9c
                                                                                        • Instruction Fuzzy Hash: 6E316670940208AEDB10EFE6C845ADEB7B8EB04318F90847FF518F7281DA7899058B59
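The two function summaries above (the named-pipe helper launcher around 0045847F, and the ShellExecuteEx caller around 004780AC whose string references include the "runas" verb) are the kind of entries an analyst triages by hand. The following added example, written for this page and not part of Joe Sandbox or of the sample's code, parses the plugin's "APIs" bullets and "String ID" line into structured records, decodes the CreateNamedPipe dwOpenMode value 40080003 against the documented winbase.h flags, and derives triage tags from the API set. The tag names, the regular expression and the ApiCall type are this example's own conventions; the embedded input lines are trimmed copies of the report's own bullets above (argument lists shortened, call-site addresses kept). The 0000003C passed to ShellExecuteEx is 60, the size of SHELLEXECUTEINFOA on 32-bit Windows, which is why a lone "<" (0x3C) shows up in that function's String ID list.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# One "APIs" bullet from a Joe Sandbox function summary takes one of these shapes:
#   • ShellExecuteEx.SHELL32(0000003C), ref: 004780AC
#   • GetTickCount.KERNEL32 ref: 0045847F                         (no argument list)
#   • Part of subcall function 00477E90: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00477EAF
# The regex is this example's own; the plugin has no published grammar.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*?)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple             # stack values as printed by the plugin; "?" means unresolved
    ref: int                # address of the call site
    subcall: Optional[int]  # callee that actually contains the call, for "Part of subcall" lines

def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse the bullets of one APIs list; lines that are not API bullets are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
        calls.append(ApiCall(m["api"], m["module"].upper(), args, int(m["ref"], 16),
                             int(m["sub"], 16) if m["sub"] else None))
    return calls

def parse_string_ids(line: str) -> List[str]:
    """The Similarity 'String ID' line joins the function's string references with '$'."""
    _, _, body = line.partition("String ID:")
    return [s for s in body.strip().split("$") if s]

# dwOpenMode bits of CreateNamedPipe (winbase.h); the low two bits are the access mode.
PIPE_OPEN_FLAGS = {
    0x80000000: "FILE_FLAG_WRITE_THROUGH",
    0x40000000: "FILE_FLAG_OVERLAPPED",
    0x00080000: "FILE_FLAG_FIRST_PIPE_INSTANCE",
}
PIPE_ACCESS = {1: "PIPE_ACCESS_INBOUND", 2: "PIPE_ACCESS_OUTBOUND", 3: "PIPE_ACCESS_DUPLEX"}

def decode_pipe_open_mode(value: int) -> List[str]:
    names = [name for bit, name in PIPE_OPEN_FLAGS.items() if value & bit]
    if value & 0x3:
        names.append(PIPE_ACCESS[value & 0x3])
    return sorted(names)

def classify(calls: List[ApiCall], strings: List[str]) -> Set[str]:
    """Triage tags derived only from the API set and the function's string references."""
    apis = {c.api for c in calls}
    tags = set()
    # ShellExecuteEx with the "runas" verb requests elevation through the UAC prompt.
    if "ShellExecuteEx" in apis and "runas" in strings:
        tags.add("uac_elevation_request")
    # A named pipe created in the same function as CreateProcess: IPC with a helper child.
    if {"CreateNamedPipeA", "CreateProcessA"} <= apis:
        tags.add("named_pipe_child_process")
    # LoadLibrary/GetModuleHandle followed by GetProcAddress: imports resolved at run time.
    if "GetProcAddress" in apis and apis & {"LoadLibraryA", "GetModuleHandleA"}:
        tags.add("dynamic_api_resolution")
    return tags

# Trimmed copies of two function summaries from this report (subcall lines keep the
# plugin's extra indentation); argument lists were shortened, ref addresses kept.
SHELLEXEC_BLOCK = """\
  • Part of subcall function 00477E90: GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02162BDC), ref: 00477EA9
  • Part of subcall function 00477E90: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00477EAF
• ShellExecuteEx.SHELL32(0000003C), ref: 004780AC
• GetLastError.KERNEL32(00000000,00478172,?,?,-00000010,?), ref: 004780B5
• MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00478102
• GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 00478126
• CloseHandle.KERNEL32(00000000,00478157), ref: 0047814A
"""
SHELLEXEC_STRINGS = "• String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas"

PIPE_BLOCK = """\
• GetTickCount.KERNEL32 ref: 0045847F
• CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 00458511
• CreateFileA.KERNEL32(00000000,C0000000,00000000,00499B10,00000003,00000000,00000000,00000000,004586CE), ref: 00458567
• CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044), ref: 00458649
"""

if __name__ == "__main__":
    se = parse_api_lines(SHELLEXEC_BLOCK)
    print(sorted(classify(se, parse_string_ids(SHELLEXEC_STRINGS))))
    pipe = parse_api_lines(PIPE_BLOCK)
    mode = int(next(c for c in pipe if c.api == "CreateNamedPipeA").args[1], 16)
    print(decode_pipe_open_mode(mode))
```

The argument columns are stack snapshots rather than typed parameters, so the decoder is only applied where the layout lines up with the documented prototype: for CreateNamedPipeA the second value (40080003) sits exactly where dwOpenMode belongs and decodes to PIPE_ACCESS_DUPLEX with FILE_FLAG_OVERLAPPED and FILE_FLAG_FIRST_PIPE_INSTANCE, matching the Inno Setup 64-bit helper pipe the strings describe. CreateProcessA's 0C000000 is deliberately left undecoded because its position in the printed list is ambiguous.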
APIs
• SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 004229F4
• ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,00422BBE), ref: 00422A04
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: MessageSendShowWindow
• String ID:
• API String ID: 1631623395-0
• Opcode ID: feaf7eda56c5d7a46aeac68601ea302718d54c2d1d0da18b2df088f526b52f35
• Instruction ID: 9e9026b6a08d43f4c34b0c014f83afec13b9727198b5f0eb67f7172f0d04fbcb
• Opcode Fuzzy Hash: feaf7eda56c5d7a46aeac68601ea302718d54c2d1d0da18b2df088f526b52f35
• Instruction Fuzzy Hash: 90915171B04214BFDB11EFA9DA86F9D77F4AB04304F5500BAF504AB392CB78AE419B58
APIs
• IsIconic.USER32(?), ref: 00418393
• GetWindowPlacement.USER32(?,0000002C), ref: 004183B0
• GetWindowRect.USER32(?), ref: 004183CC
• GetWindowLongA.USER32(?,000000F0), ref: 004183DA
• GetWindowLongA.USER32(?,000000F8), ref: 004183EF
• ScreenToClient.USER32(00000000), ref: 004183F8
• ScreenToClient.USER32(00000000,?), ref: 00418403
Strings
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: Window$ClientLongScreen$IconicPlacementRect
• String ID: ,
• API String ID: 2266315723-3772416878
• Opcode ID: 093fbc58c9f2bb22a74bd7cb36b3f86111f4d6c014dbe9a16a5ffda61369e0f0
• Instruction ID: 8875a2d430ef8be2c5346fa25315cde737655516302bc4d2344e38a88124d083
• Opcode Fuzzy Hash: 093fbc58c9f2bb22a74bd7cb36b3f86111f4d6c014dbe9a16a5ffda61369e0f0
• Instruction Fuzzy Hash: 2B112B71505201ABEB00DF69C885F9B77E8AF48314F04067EFD58DB296D738D900CB65
APIs
• GetCurrentProcess.KERNEL32(00000028), ref: 004555F3
• OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004555F9
• LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00455612
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 00455639
• GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0045563E
• ExitWindowsEx.USER32(00000002,00000000), ref: 0045564F
Strings
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
• String ID: SeShutdownPrivilege
• API String ID: 107509674-3733053543
• Opcode ID: 71598a6bdd6d5fb56d5762fa92910e3e26de8c4971b3032dc2bdc18874b6a41e
• Instruction ID: 23182b732e3c774e917f784577cc733395bd6f0e504c2650860deaf78f25ff04
• Opcode Fuzzy Hash: 71598a6bdd6d5fb56d5762fa92910e3e26de8c4971b3032dc2bdc18874b6a41e
• Instruction Fuzzy Hash: CBF0C870294B41B9EA10A6718C17F3B21C89B40709F80083ABD05E90D3D7BDD40C4A2E
APIs
• GetProcAddress.KERNEL32(10000000,ISCryptGetVersion), ref: 0045CFE1
• GetProcAddress.KERNEL32(10000000,ArcFourInit), ref: 0045CFF1
• GetProcAddress.KERNEL32(10000000,ArcFourCrypt), ref: 0045D001
• ISCryptGetVersion._ISCRYPT(10000000,ArcFourCrypt,10000000,ArcFourInit,10000000,ISCryptGetVersion,?,0047F453,00000000,0047F47C), ref: 0045D026
Strings
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: AddressProc$CryptVersion
• String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
• API String ID: 1951258720-508647305
• Opcode ID: 6bea81dda9fbb2f0804f4d34ed7f3fdf770b10932dc8999661774a36d6befbc1
• Instruction ID: 053e23ae93e59936775da3b85939a49c1ec117bb16e32bace9e6a444f988995f
• Opcode Fuzzy Hash: 6bea81dda9fbb2f0804f4d34ed7f3fdf770b10932dc8999661774a36d6befbc1
• Instruction Fuzzy Hash: 3EF0F9B0980700CBE728EFB6ACC67263795EB9570AF14813BA808A11E2D7780499CB1C
APIs
• FindFirstFileA.KERNEL32(00000000,?,00000000,00497D52,?,?,00000000,0049B628,?,00497EDC,00000000,00497F30,?,?,00000000,0049B628), ref: 00497C6B
• SetFileAttributesA.KERNEL32(00000000,00000010), ref: 00497CEE
• FindNextFileA.KERNEL32(000000FF,?,00000000,00497D2A,?,00000000,?,00000000,00497D52,?,?,00000000,0049B628,?,00497EDC,00000000), ref: 00497D06
• FindClose.KERNEL32(000000FF,00497D31,00497D2A,?,00000000,?,00000000,00497D52,?,?,00000000,0049B628,?,00497EDC,00000000,00497F30), ref: 00497D24
Strings
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstNext
• String ID: isRS-$isRS-???.tmp
• API String ID: 134685335-3422211394
• Opcode ID: 364c0e76f2c6b87ee015195f117b48597cda05d20fe84bdce713179882c005fd
• Instruction ID: 58584d30a9cebb9496c34c78ac808807487b68c9e5340ea926fa5a91c3adbdad
• Opcode Fuzzy Hash: 364c0e76f2c6b87ee015195f117b48597cda05d20fe84bdce713179882c005fd
• Instruction Fuzzy Hash: 22316571A146086BDF10EF65CC41ADEBBBCDF49304F5085BBA908A32A1E63C9E458F58
APIs
• PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0045745D
• PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457484
• SetForegroundWindow.USER32(?), ref: 00457495
• NtdllDefWindowProc_A.USER32(00000000,?,?,?,00000000,0045776F,?,00000000,004577AB), ref: 0045775A
Strings
• Cannot evaluate variable because [Code] isn't running yet, xrefs: 004575DA
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: MessagePostWindow$ForegroundNtdllProc_
• String ID: Cannot evaluate variable because [Code] isn't running yet
• API String ID: 2236967946-3182603685
• Opcode ID: 6bd6caa41a15310477e83bc0a49d1206285915d7cd4776c217e2dcd25b97f1c8
• Instruction ID: fa7acb0e2d6b8d582b6902519899a90ae2b0afcf3fbb82d78ce799b77582f668
• Opcode Fuzzy Hash: 6bd6caa41a15310477e83bc0a49d1206285915d7cd4776c217e2dcd25b97f1c8
• Instruction Fuzzy Hash: DF91D134608204EFD715CF69E991F5ABBF9FB49704F2180BAEC0497792D638AE04DB58
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,00455F4B), ref: 00455E3C
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00455E42
Strings
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: GetDiskFreeSpaceExA$kernel32.dll
• API String ID: 1646373207-3712701948
• Opcode ID: 425acd45c57e1a90a14b519a9b70c26380c560e6a4faa307eedde0d31f767984
• Instruction ID: d81c9a8c7c52065d28d66f53e81ce4f313aa74f068c2efe820cb9bfc493487ae
• Opcode Fuzzy Hash: 425acd45c57e1a90a14b519a9b70c26380c560e6a4faa307eedde0d31f767984
• Instruction Fuzzy Hash: B0418671A04649AFCF01EFA5C8929EEB7B8EF48305F504567F804F7292D67C5E098B68
APIs
• IsIconic.USER32(?), ref: 00417D0F
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D2D
• GetWindowPlacement.USER32(?,0000002C), ref: 00417D63
• SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D8A
Strings
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: Window$Placement$Iconic
• String ID: ,
• API String ID: 568898626-3772416878
• Opcode ID: a0af22d6e47f15c5c805b34526d81a80d06eca119401db975a7b3104afeb2d4e
• Instruction ID: e85585575f8c5a3e7823c55acc6b28d6d187d41511fbfc80546af44b70413e2d
• Opcode Fuzzy Hash: a0af22d6e47f15c5c805b34526d81a80d06eca119401db975a7b3104afeb2d4e
• Instruction Fuzzy Hash: 4C2112716042089BDF10EF69D8C1AEA77B8AF48314F05456AFD18DF346D678DD84CBA8
APIs
• SetErrorMode.KERNEL32(00000001,00000000,00463D0D), ref: 00463B81
• FindFirstFileA.KERNEL32(00000000,?,00000000,00463CE0,?,00000001,00000000,00463D0D), ref: 00463C10
• FindNextFileA.KERNEL32(000000FF,?,00000000,00463CC2,?,00000000,?,00000000,00463CE0,?,00000001,00000000,00463D0D), ref: 00463CA2
• FindClose.KERNEL32(000000FF,00463CC9,00463CC2,?,00000000,?,00000000,00463CE0,?,00000001,00000000,00463D0D), ref: 00463CBC
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: Find$File$CloseErrorFirstModeNext
• String ID:
• API String ID: 4011626565-0
• Opcode ID: ea3eed7d1408edc3882bc6792a8114668d7e879bec7624fad3ea01842ef17e57
• Instruction ID: 951735f7a3c6dd48f486321ddf7fb9c00a217b4e97ee71939f184256b73d479b
• Opcode Fuzzy Hash: ea3eed7d1408edc3882bc6792a8114668d7e879bec7624fad3ea01842ef17e57
• Instruction Fuzzy Hash: 2B41A871A00A58AFCB10EF65DC45ADDB7B8EB88706F4044BAF404B7381E67C9F488E59
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001,00000000,004641B3), ref: 00464041
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,0046417E,?,00000001,00000000,004641B3), ref: 00464087
                                                                                        • FindNextFileA.KERNEL32(000000FF,?,00000000,00464160,?,00000000,?,00000000,0046417E,?,00000001,00000000,004641B3), ref: 0046413C
                                                                                        • FindClose.KERNEL32(000000FF,00464167,00464160,?,00000000,?,00000000,0046417E,?,00000001,00000000,004641B3), ref: 0046415A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$File$CloseErrorFirstModeNext
                                                                                        • String ID:
                                                                                        • API String ID: 4011626565-0
                                                                                        • Opcode ID: 178f21a278dbeca0b5487afb4cc8a3a474e9964bec91cf1fa54baf1df103d301
                                                                                        • Instruction ID: 3e1e9a66f2526eb02ce93895e5fa1006c5947d115418489384634c6f5ce8cf05
                                                                                        • Opcode Fuzzy Hash: 178f21a278dbeca0b5487afb4cc8a3a474e9964bec91cf1fa54baf1df103d301
                                                                                        • Instruction Fuzzy Hash: 7341A434B00A58AFCF11EF65CC859DEB7B9EBC8305F4044AAF804A7341E6389E848E49
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E956
                                                                                        • DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 0042E981
                                                                                        • GetLastError.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E98E
                                                                                        • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E996
                                                                                        • SetLastError.KERNEL32(00000000,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E99C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                        • String ID:
                                                                                        • API String ID: 1177325624-0
                                                                                        • Opcode ID: 00c40fca2cfdd97ba02e44e9efda7f487b55ec81a2bcf6d63bb4130569f45397
                                                                                        • Instruction ID: 661b18b1de4eb1238568a50ab540e77c3175952f9b14320adb6d96c9b056064d
                                                                                        • Opcode Fuzzy Hash: 00c40fca2cfdd97ba02e44e9efda7f487b55ec81a2bcf6d63bb4130569f45397
                                                                                        • Instruction Fuzzy Hash: 80F090B23A17207AF620B57A5C86F7F418CCB89B68F10423BBA04FF1D1D9A85D0555AD
                                                                                        APIs
                                                                                        • IsIconic.USER32(?), ref: 0048345E
                                                                                        • GetWindowLongA.USER32(00000000,000000F0), ref: 0048347C
                                                                                        • ShowWindow.USER32(00000000,00000005,00000000,000000F0,0049C0A4,0048293A,0048296E,00000000,0048298E,?,?,?,0049C0A4), ref: 0048349E
                                                                                        • ShowWindow.USER32(00000000,00000000,00000000,000000F0,0049C0A4,0048293A,0048296E,00000000,0048298E,?,?,?,0049C0A4), ref: 004834B2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Show$IconicLong
                                                                                        • String ID:
                                                                                        • API String ID: 2754861897-0
                                                                                        • Opcode ID: 7adc6d23a2e45bfcb47f86f15328f2256524f13007b9a6bd5233fe1c8f26e82e
                                                                                        • Instruction ID: b2d3f2bb309dc3ccac68fe08692f7b65e7038161d92c55b9b58b225abec03440
                                                                                        • Opcode Fuzzy Hash: 7adc6d23a2e45bfcb47f86f15328f2256524f13007b9a6bd5233fe1c8f26e82e
                                                                                        • Instruction Fuzzy Hash: 750152706012409AE601BFE59D8AB5A26C55F10F49F18087BB9009F2A2DA2DDA858B1C
                                                                                        APIs
                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000000,00462698), ref: 0046261C
                                                                                        • FindNextFileA.KERNEL32(000000FF,?,00000000,00462678,?,00000000,?,00000000,00462698), ref: 00462658
                                                                                        • FindClose.KERNEL32(000000FF,0046267F,00462678,?,00000000,?,00000000,00462698), ref: 00462672
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                        • String ID:
                                                                                        • API String ID: 3541575487-0
                                                                                        • Opcode ID: e94515bc2c8b3d54fda8ee7ea50903a5de584af26bf4ddc4af921dcd62f8e3d1
                                                                                        • Instruction ID: 64bef34161faf0391a99b618d3e767a3fd2d5c762390acd0a64fbb4d401bfb5a
                                                                                        • Opcode Fuzzy Hash: e94515bc2c8b3d54fda8ee7ea50903a5de584af26bf4ddc4af921dcd62f8e3d1
                                                                                        • Instruction Fuzzy Hash: E921D831904B147ECB11EB65DC41ADEB7ACDB49304F5084F7F808E22A1E6B89E548F5A
                                                                                        APIs
                                                                                        • IsIconic.USER32(?), ref: 004241E4
                                                                                        • SetActiveWindow.USER32(?,?,?,0046CBC7), ref: 004241F1
                                                                                          • Part of subcall function 0042364C: ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                          • Part of subcall function 00423B14: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,021625AC,0042420A,?,?,?,0046CBC7), ref: 00423B4F
                                                                                        • SetFocus.USER32(00000000,?,?,?,0046CBC7), ref: 0042421E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ActiveFocusIconicShow
                                                                                        • String ID:
                                                                                        • API String ID: 649377781-0
                                                                                        • Opcode ID: 1be179083055f96161d8b165ddd04f1e3bd56871e014c6a07f585ac04199aa1a
                                                                                        • Instruction ID: c953833529836f01456b8f788e47b4b7c36f7a841d6c6df07f57e62630513da6
                                                                                        • Opcode Fuzzy Hash: 1be179083055f96161d8b165ddd04f1e3bd56871e014c6a07f585ac04199aa1a
                                                                                        • Instruction Fuzzy Hash: 8CF030B170012097CB10BFAAA8C5B9676A8AB48344F5500BBBD05DF357CA7CDC018778
                                                                                        APIs
                                                                                        • IsIconic.USER32(?), ref: 00417D0F
                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D2D
                                                                                        • GetWindowPlacement.USER32(?,0000002C), ref: 00417D63
                                                                                        • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D8A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Placement$Iconic
                                                                                        • String ID:
                                                                                        • API String ID: 568898626-0
                                                                                        • Opcode ID: 76c66e33316401a89d3facc50d11a2b6f1ba08a7ab00baf439cd89f832e1e53a
                                                                                        • Instruction ID: d9358ea7cd183770b33139a8ac7b7a0a70302bd2c01e5fc8313c3e2814ac7f2c
                                                                                        • Opcode Fuzzy Hash: 76c66e33316401a89d3facc50d11a2b6f1ba08a7ab00baf439cd89f832e1e53a
                                                                                        • Instruction Fuzzy Hash: 33012C71204108ABDB10EE59D8C1EF673A8AF45724F154566FD19DF242D639ED8087A8
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CaptureIconic
                                                                                        • String ID:
                                                                                        • API String ID: 2277910766-0
                                                                                        • Opcode ID: c22591b8c3f2be6e3e416ff0957708157ed46c57fff49ed7de8fa542590db40d
                                                                                        • Instruction ID: 6cb7601519473143bf4e876ebf6758ccc8fc4fa751d6c6e0357a6193460a6b05
                                                                                        • Opcode Fuzzy Hash: c22591b8c3f2be6e3e416ff0957708157ed46c57fff49ed7de8fa542590db40d
                                                                                        • Instruction Fuzzy Hash: 0AF0A4723056425BD730AB2EC984AB762F69F84314B14403BE419CBFA1EB3CDCC08798
                                                                                        APIs
                                                                                        • IsIconic.USER32(?), ref: 0042419B
                                                                                          • Part of subcall function 00423A84: EnumWindows.USER32(00423A1C), ref: 00423AA8
                                                                                          • Part of subcall function 00423A84: GetWindow.USER32(?,00000003), ref: 00423ABD
                                                                                          • Part of subcall function 00423A84: GetWindowLongA.USER32(?,000000EC), ref: 00423ACC
                                                                                          • Part of subcall function 00423A84: SetWindowPos.USER32(00000000,\AB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241AB,?,?,00423D73), ref: 00423B02
                                                                                        • SetActiveWindow.USER32(?,?,?,00423D73,00000000,0042415C), ref: 004241AF
                                                                                          • Part of subcall function 0042364C: ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ActiveEnumIconicLongShowWindows
                                                                                        • String ID:
                                                                                        • API String ID: 2671590913-0
                                                                                        • Opcode ID: b2ff140757208bd7b7cc33ac29151dbeb423d1cdddd3b288bc041a56f1810338
                                                                                        • Instruction ID: ce5d4440ec1c13bcfda566247f28ea27228b22b89c70f7a48f218b5e8bc86154
                                                                                        • Opcode Fuzzy Hash: b2ff140757208bd7b7cc33ac29151dbeb423d1cdddd3b288bc041a56f1810338
                                                                                        • Instruction Fuzzy Hash: 55E01AA070011087DB10AFAADCC8B9632A9BB48304F55017ABD49CF35BD63CC8608724
                                                                                        APIs
                                                                                        • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,004127D5), ref: 004127C3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: NtdllProc_Window
                                                                                        • String ID:
                                                                                        • API String ID: 4255912815-0
                                                                                        • Opcode ID: 120c9c179850e2d77f2b5158c289480559fb4752f9becda92d3f5c4f199058c9
                                                                                        • Instruction ID: 2c049f03cfb376e3baa0368465928f91904f6d03483072bf0e6cb5f6a46bccc5
                                                                                        • Opcode Fuzzy Hash: 120c9c179850e2d77f2b5158c289480559fb4752f9becda92d3f5c4f199058c9
                                                                                        • Instruction Fuzzy Hash: 4A5102357082048FD710DB6ADA80A9BF3E5EF98314B2082BBD814C77A1D7B8AD91C75D
                                                                                        APIs
                                                                                        • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0047872E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: NtdllProc_Window
                                                                                        • String ID:
                                                                                        • API String ID: 4255912815-0
                                                                                        • Opcode ID: 10ca812e3c548e1abffc20113ea3ec26250c704f28d0c7929afa756ed2071b4a
                                                                                        • Instruction ID: 93be4e423146f0b72d2fb04b2818289b08cc6f156d75f667f85849a608f59376
                                                                                        • Opcode Fuzzy Hash: 10ca812e3c548e1abffc20113ea3ec26250c704f28d0c7929afa756ed2071b4a
                                                                                        • Instruction Fuzzy Hash: 81416979604104EFCB10CF99D6889AAB7F5FB48310B74C5AAE809EB701DB38EE41DB55
                                                                                        APIs
                                                                                        • ArcFourCrypt._ISCRYPT(?,?,?,?), ref: 0045D097
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CryptFour
                                                                                        • String ID:
                                                                                        • API String ID: 2153018856-0
                                                                                        • Opcode ID: 47a938482607ff708c7ba3b07c2d2a6c765e1a89700bf01dade5fb09ed1c08ae
                                                                                        • Instruction ID: 2e238a974be0c8424367b3c35ccc205e7f0a308c5ec670be841bb4718b7179ff
                                                                                        • Opcode Fuzzy Hash: 47a938482607ff708c7ba3b07c2d2a6c765e1a89700bf01dade5fb09ed1c08ae
                                                                                        • Instruction Fuzzy Hash: 37C09BF200420CBF660057D5ECC9C77B75CF6586547508126F6048210195726C104574
                                                                                        APIs
                                                                                        • ArcFourCrypt._ISCRYPT(?,00000000,00000000,000003E8,0046D988,?,0046DB69), ref: 0045D0AA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CryptFour
                                                                                        • String ID:
                                                                                        • API String ID: 2153018856-0
                                                                                        • Opcode ID: d02f27854c06b9b5253a86ca74e309db13f969305959900ff247638bb6719fe3
                                                                                        • Instruction ID: 227689971defb3a768f182aa15824e3680876923b4d994b81e1676941902ce31
                                                                                        • Opcode Fuzzy Hash: d02f27854c06b9b5253a86ca74e309db13f969305959900ff247638bb6719fe3
                                                                                        • Instruction Fuzzy Hash: 9DA002B0A80300BAFD2057B05D4EF26352CA7D0F05F708465B202EA0D085A56410852C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3319669109.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3319643519.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000001.00000002.3319694282.0000000010002000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_10000000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
                                                                                        • Instruction ID: 1c94840b05858ddf3503627acbaac9226f9c4a6e1659969bf0a936c2f155f8a0
                                                                                        • Opcode Fuzzy Hash: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
                                                                                        • Instruction Fuzzy Hash: FF11303254D3D28FC305CF2894506D6FFE4AF6A640F194AAEE1D45B203C2659549C7A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3319669109.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3319643519.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000001.00000002.3319694282.0000000010002000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_10000000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
                                                                                        • Instruction ID: 837d35c9df4effc004866add7a9100bdfed479f04b3922bb4bd4c5469ecd81ba
                                                                                        • Opcode Fuzzy Hash: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
                                                                                        • Instruction Fuzzy Hash:
                                                                                        APIs
                                                                                          • Part of subcall function 0044B604: GetVersionExA.KERNEL32(00000094), ref: 0044B621
                                                                                        • LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00498762), ref: 0044B67F
                                                                                        • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B697
                                                                                        • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A9
                                                                                        • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6BB
                                                                                        • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6CD
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6DF
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6F1
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B703
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B715
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B727
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B739
                                                                                        • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B74B
                                                                                        • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B75D
                                                                                        • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B76F
                                                                                        • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B781
                                                                                        • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B793
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7A5
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7B7
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0044B7C9
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0044B7DB
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0044B7ED
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0044B7FF
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0044B811
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0044B823
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0044B835
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0044B847
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0044B859
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0044B86B
                                                                                        • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0044B87D
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0044B88F
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0044B8A1
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0044B8B3
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0044B8C5
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0044B8D7
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0044B8E9
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0044B8FB
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0044B90D
                                                                                        • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0044B91F
                                                                                        • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0044B931
                                                                                        • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0044B943
                                                                                        • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0044B955
                                                                                        • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0044B967
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0044B979
                                                                                        • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0044B98B
                                                                                        • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0044B99D
                                                                                        • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0044B9AF
                                                                                        • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0044B9C1
                                                                                        • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0044B9D3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$LibraryLoadVersion
                                                                                        • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                                                                        • API String ID: 1968650500-2910565190
                                                                                        • Opcode ID: 4248c38413e99d9464b79edb7fe9b1fdc4fa56b35b8262d24df0eec612bb70b6
                                                                                        • Instruction ID: e93aa9000a3b975727f71862fff1c9a8a52c50bca2d3d110ef64c9f3a3b13d35
                                                                                        • Opcode Fuzzy Hash: 4248c38413e99d9464b79edb7fe9b1fdc4fa56b35b8262d24df0eec612bb70b6
                                                                                        • Instruction Fuzzy Hash: D391A8F0A40B11ABEB00EFB5AD96A2A3BA8EB15714310067BB454DF295D778DC108FDD
                                                                                        APIs
                                                                                        • GetDC.USER32(00000000), ref: 0041CA40
                                                                                        • CreateCompatibleDC.GDI32(?), ref: 0041CA4C
                                                                                        • CreateBitmap.GDI32(0041A944,?,00000001,00000001,00000000), ref: 0041CA70
                                                                                        • CreateCompatibleBitmap.GDI32(?,0041A944,?), ref: 0041CA80
                                                                                        • SelectObject.GDI32(0041CE3C,00000000), ref: 0041CA9B
                                                                                        • FillRect.USER32(0041CE3C,?,?), ref: 0041CAD6
                                                                                        • SetTextColor.GDI32(0041CE3C,00000000), ref: 0041CAEB
                                                                                        • SetBkColor.GDI32(0041CE3C,00000000), ref: 0041CB02
                                                                                        • PatBlt.GDI32(0041CE3C,00000000,00000000,0041A944,?,00FF0062), ref: 0041CB18
                                                                                        • CreateCompatibleDC.GDI32(?), ref: 0041CB2B
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0041CB5C
                                                                                        • SelectPalette.GDI32(00000000,00000000,00000001), ref: 0041CB74
                                                                                        • RealizePalette.GDI32(00000000), ref: 0041CB7D
                                                                                        • SelectPalette.GDI32(0041CE3C,00000000,00000001), ref: 0041CB8C
                                                                                        • RealizePalette.GDI32(0041CE3C), ref: 0041CB95
                                                                                        • SetTextColor.GDI32(00000000,00000000), ref: 0041CBAE
                                                                                        • SetBkColor.GDI32(00000000,00000000), ref: 0041CBC5
                                                                                        • BitBlt.GDI32(0041CE3C,00000000,00000000,0041A944,?,00000000,00000000,00000000,00CC0020), ref: 0041CBE1
                                                                                        • SelectObject.GDI32(00000000,?), ref: 0041CBEE
                                                                                        • DeleteDC.GDI32(00000000), ref: 0041CC04
                                                                                          • Part of subcall function 0041A058: GetSysColor.USER32(?), ref: 0041A062
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ColorSelect$CreatePalette$CompatibleObject$BitmapRealizeText$DeleteFillRect
                                                                                        • String ID:
                                                                                        • API String ID: 269503290-0
                                                                                        • Opcode ID: 5610cf759d7025b655e2849d1764ebaab2a311e46506ba216d1aa554289a1213
                                                                                        • Instruction ID: 91afdf38925dfcc0a19aef53af63d8b93a06df8cfedaf367688fa0d34ebdb442
                                                                                        • Opcode Fuzzy Hash: 5610cf759d7025b655e2849d1764ebaab2a311e46506ba216d1aa554289a1213
                                                                                        • Instruction Fuzzy Hash: 01610071A44648AFDF10EBE9DC86FDFB7B8EB48704F10446AB504E7281D67CA940CB68
                                                                                        APIs
                                                                                        • ShowWindow.USER32(?,00000005,00000000,004982D8,?,?,00000000,?,00000000,00000000,?,0049868F,00000000,00498699,?,00000000), ref: 00497FC3
                                                                                        • CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004982D8,?,?,00000000,?,00000000,00000000,?,0049868F,00000000), ref: 00497FD6
                                                                                        • ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004982D8,?,?,00000000,?,00000000,00000000), ref: 00497FE6
                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00498007
                                                                                        • ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004982D8,?,?,00000000,?,00000000), ref: 00498017
                                                                                          • Part of subcall function 0042D44C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4DA,?,?,?,00000001,?,0045607E,00000000,004560E6), ref: 0042D481
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
                                                                                        • String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
                                                                                        • API String ID: 2000705611-3672972446
                                                                                        • Opcode ID: acab9580149f75eae7839736e9631fcca2424d0ecbbcfe327cba637ac9836c34
                                                                                        • Instruction ID: 42a01cccdaaec234e2c43ae8d099a56eb68d33786198a0d03eeaed72e33259cf
                                                                                        • Opcode Fuzzy Hash: acab9580149f75eae7839736e9631fcca2424d0ecbbcfe327cba637ac9836c34
                                                                                        • Instruction Fuzzy Hash: 3991B530A046049FDF11EBA9D852BAE7BA4EB4A704F5144BBF500AB682DE7D9C05CB1D
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(00000000,0045A7E4,?,?,?,?,?,00000006,?,00000000,004973CD,?,00000000,00497470), ref: 0045A696
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast
                                                                                        • String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
                                                                                        • API String ID: 1452528299-3112430753
                                                                                        • Opcode ID: 7b4c67a2979538d05da33b0281ac62305e71b724ae5420e86ae83fd1cfea1fbc
                                                                                        • Instruction ID: 3d84b67d4b55823e814de2816039390ec2683d954eb16ce362ee678782389cb9
                                                                                        • Opcode Fuzzy Hash: 7b4c67a2979538d05da33b0281ac62305e71b724ae5420e86ae83fd1cfea1fbc
                                                                                        • Instruction Fuzzy Hash: 9A719030B002485BCB10EB698891BAE77B59F48719F54856BFC01AB383DA7CDE1D875E
                                                                                        APIs
                                                                                        • GetVersion.KERNEL32 ref: 0045CA2A
                                                                                        • GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045CA4A
                                                                                        • GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 0045CA57
                                                                                        • GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoW), ref: 0045CA64
                                                                                        • GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045CA72
                                                                                          • Part of subcall function 0045C918: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0045C9B7,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0045C991
                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CC65,?,?,00000000), ref: 0045CB2B
                                                                                        • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CC65,?,?,00000000), ref: 0045CB34
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$AllocateByteCharErrorHandleInitializeLastModuleMultiVersionWide
                                                                                        • String ID: GetNamedSecurityInfoW$SetEntriesInAclW$SetNamedSecurityInfoW$W$advapi32.dll
                                                                                        • API String ID: 59345061-4263478283
                                                                                        • Opcode ID: 551fcf749c72914a38171c600357803e83c81dab8682d1b21c615cfe1b656b91
                                                                                        • Instruction ID: 9267600119b74d5c47b6def8195b3f0e3f25b5cd065e112b6ecb42d85fa503a5
                                                                                        • Opcode Fuzzy Hash: 551fcf749c72914a38171c600357803e83c81dab8682d1b21c615cfe1b656b91
                                                                                        • Instruction Fuzzy Hash: B1518571900708EFDB11DFA9C885BAEBBB8EB4C311F14806AF915B7241C6799944CFA9
                                                                                        APIs
                                                                                        • CoCreateInstance.OLE32(00499A74,00000000,00000001,00499774,?,00000000,004568A1), ref: 004565A6
                                                                                        • CoCreateInstance.OLE32(00499764,00000000,00000001,00499774,?,00000000,004568A1), ref: 004565CC
                                                                                        • SysFreeString.OLEAUT32(?), ref: 00456759
                                                                                        Strings
                                                                                        • IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall), xrefs: 00456790
                                                                                        • IShellLink::QueryInterface(IID_IPersistFile), xrefs: 004567CA
                                                                                        • CoCreateInstance, xrefs: 004565D7
                                                                                        • IPropertyStore::SetValue(PKEY_AppUserModel_ID), xrefs: 0045673E
                                                                                        • IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning), xrefs: 004566EF
                                                                                        • IPropertyStore::Commit, xrefs: 004567A9
                                                                                        • IPersistFile::Save, xrefs: 00456828
                                                                                        • IShellLink::QueryInterface(IID_IPropertyStore), xrefs: 004566BB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateInstance$FreeString
                                                                                        • String ID: CoCreateInstance$IPersistFile::Save$IPropertyStore::Commit$IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall)$IPropertyStore::SetValue(PKEY_AppUserModel_ID)$IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning)$IShellLink::QueryInterface(IID_IPersistFile)$IShellLink::QueryInterface(IID_IPropertyStore)
                                                                                        • API String ID: 308859552-3936712486
                                                                                        • Opcode ID: c517585abefeef5e4aecaacf0f1214f05652fa0e4087abcedef047af4287d9d3
                                                                                        • Instruction ID: 8ea5dda7a560ded85d07eb9974ca036a449deae5e5e286e87ef099e1c3d3d79c
                                                                                        • Opcode Fuzzy Hash: c517585abefeef5e4aecaacf0f1214f05652fa0e4087abcedef047af4287d9d3
                                                                                        • Instruction Fuzzy Hash: 70A12171A00105AFDB50DFA9C885BAE77F8EF09306F55406AF904E7262DB38DD48CB69
                                                                                        APIs
                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 0041B3C3
                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 0041B3CD
                                                                                        • GetObjectA.GDI32(?,00000018,00000004), ref: 0041B3DF
                                                                                        • CreateBitmap.GDI32(0000000B,?,00000001,00000001,00000000), ref: 0041B3F6
                                                                                        • GetDC.USER32(00000000), ref: 0041B402
                                                                                        • CreateCompatibleBitmap.GDI32(00000000,0000000B,?), ref: 0041B42F
                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0041B455
                                                                                        • SelectObject.GDI32(00000000,?), ref: 0041B470
                                                                                        • SelectObject.GDI32(?,00000000), ref: 0041B47F
                                                                                        • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4AB
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0041B4B9
                                                                                        • SelectObject.GDI32(?,00000000), ref: 0041B4C7
                                                                                        • DeleteDC.GDI32(00000000), ref: 0041B4D0
                                                                                        • DeleteDC.GDI32(?), ref: 0041B4D9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Object$CreateSelect$Compatible$BitmapDelete$ReleaseStretch
                                                                                        • String ID:
                                                                                        • API String ID: 644427674-0
                                                                                        • Opcode ID: 9212dc48eb065078ffd6e64a0fe4b3e7e755c3ed7e1f96497366cc94fc87ddf9
                                                                                        • Instruction ID: 0f3e5998203d07172116f12fa3fedaa120d09cd030f2870c51d139f455c41937
                                                                                        • Opcode Fuzzy Hash: 9212dc48eb065078ffd6e64a0fe4b3e7e755c3ed7e1f96497366cc94fc87ddf9
                                                                                        • Instruction Fuzzy Hash: E941AD71E44619AFDB10DAE9C846FEFB7BCEB08704F104466B614F7281D6786D408BA8
                                                                                        APIs
                                                                                          • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
                                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00472B74
                                                                                        • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 00472C7B
                                                                                        • SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 00472C91
                                                                                        • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 00472CB6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
                                                                                        • String ID: .lnk$.pif$.url$Desktop.ini$Filename: %s$target.lnk${group}\
                                                                                        • API String ID: 971782779-3668018701
                                                                                        • Opcode ID: f320f92f694209bf3d87b242267b6161fd66681942871ca2a5a7eb633dffa5fc
                                                                                        • Instruction ID: 488d38facc3b5b4348deb9d7b7a0b4180c51b54c04cb4348039bcbbbcac6ad39
                                                                                        • Opcode Fuzzy Hash: f320f92f694209bf3d87b242267b6161fd66681942871ca2a5a7eb633dffa5fc
                                                                                        • Instruction Fuzzy Hash: 62D13574A001499FDB11EFA9D981BDDBBF5AF08304F50806AF904B7392C778AE45CB69
                                                                                        APIs
                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                        • RegQueryValueExA.ADVAPI32(0045A9BA,00000000,00000000,?,00000000,?,00000000,00454B0D,?,0045A9BA,00000003,00000000,00000000,00454B44), ref: 0045498D
                                                                                          • Part of subcall function 0042E8C8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
                                                                                        • RegQueryValueExA.ADVAPI32(0045A9BA,00000000,00000000,00000000,?,00000004,00000000,00454A57,?,0045A9BA,00000000,00000000,?,00000000,?,00000000), ref: 00454A11
                                                                                        • RegQueryValueExA.ADVAPI32(0045A9BA,00000000,00000000,00000000,?,00000004,00000000,00454A57,?,0045A9BA,00000000,00000000,?,00000000,?,00000000), ref: 00454A40
                                                                                        Strings
                                                                                        • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548AB
                                                                                        • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548E4
                                                                                        • , xrefs: 004548FE
                                                                                        • RegOpenKeyEx, xrefs: 00454910
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: QueryValue$FormatMessageOpen
                                                                                        • String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                        • API String ID: 2812809588-1577016196
                                                                                        • Opcode ID: d2d2157a54bb89dc076ef9e0fa42170e86ba3ac777985cc89856524af98327e3
                                                                                        • Instruction ID: 10c729c5df0f457655d9edc07d187ac9b2ad403c2690153cc8aec617143616fc
                                                                                        • Opcode Fuzzy Hash: d2d2157a54bb89dc076ef9e0fa42170e86ba3ac777985cc89856524af98327e3
                                                                                        • Instruction Fuzzy Hash: D1914871E44148ABDB10DF95C842BDEB7FCEB49309F50406BF900FB282D6789E458B69
                                                                                        APIs
                                                                                          • Part of subcall function 004591B4: RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004592F1,00000000,004594A9,?,00000000,00000000,00000000), ref: 00459201
                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,004594A9,?,00000000,00000000,00000000), ref: 0045934F
                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,004594A9,?,00000000,00000000,00000000), ref: 004593B9
                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,004594A9,?,00000000,00000000,00000000), ref: 00459420
                                                                                        Strings
                                                                                        • SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 004593D3
                                                                                        • v2.0.50727, xrefs: 004593AB
                                                                                        • .NET Framework not found, xrefs: 0045946D
                                                                                        • SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 0045936C
                                                                                        • SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 00459302
                                                                                        • v1.1.4322, xrefs: 00459412
                                                                                        • v4.0.30319, xrefs: 00459341
                                                                                        • .NET Framework version %s not found, xrefs: 00459459
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Close$Open
                                                                                        • String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
                                                                                        • API String ID: 2976201327-446240816
                                                                                        • Opcode ID: 54e34cd44602b93ede3f7296a9310ab82d879df4d5c444ac47c898e8d614a2f1
                                                                                        • Instruction ID: 97f3333ca529404cdccdc0b2d9ed50ca34310147e07c283222f48f4afab481b6
                                                                                        • Opcode Fuzzy Hash: 54e34cd44602b93ede3f7296a9310ab82d879df4d5c444ac47c898e8d614a2f1
                                                                                        • Instruction Fuzzy Hash: 7551B331A04144DBCB04DFA8D8A17EE77B6DB49305F54447BA841DB392E73D9E0ACB18
                                                                                        APIs
                                                                                        • CloseHandle.KERNEL32(?), ref: 004588CB
                                                                                        • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 004588E7
                                                                                        • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 004588F5
                                                                                        • GetExitCodeProcess.KERNEL32(?), ref: 00458906
                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 0045894D
                                                                                        • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458969
                                                                                        Strings
                                                                                        • Stopping 64-bit helper process. (PID: %u), xrefs: 004588BD
                                                                                        • Helper process exited., xrefs: 00458915
                                                                                        • Helper process exited, but failed to get exit code., xrefs: 0045893F
                                                                                        • Helper isn't responding; killing it., xrefs: 004588D7
                                                                                        • Helper process exited with failure code: 0x%x, xrefs: 00458933
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                                                        • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                                                        • API String ID: 3355656108-1243109208
                                                                                        • Opcode ID: 73dbfa3cdad617e305c3f832d4c000a78a7b9bdfac17e51cf2f5e1c942fa38a0
                                                                                        • Instruction ID: 059a586d5f9fe809614c5be1e0bb00d3bdcd38e01f6b882276f5f7501e11c42c
                                                                                        • Opcode Fuzzy Hash: 73dbfa3cdad617e305c3f832d4c000a78a7b9bdfac17e51cf2f5e1c942fa38a0
                                                                                        • Instruction Fuzzy Hash: 4C2130706087409AD720E67AC485B6B76D4AF08305F00C82FB9DAE7693DE78E848D75B
                                                                                        APIs
                                                                                          • Part of subcall function 0042DDE4: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE10
                                                                                        • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,004546FF,?,00000000,004547C3), ref: 0045464F
                                                                                        • RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,004546FF,?,00000000,004547C3), ref: 0045478B
                                                                                          • Part of subcall function 0042E8C8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
                                                                                        Strings
                                                                                        • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454567
                                                                                        • RegCreateKeyEx, xrefs: 004545C3
                                                                                        • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454597
                                                                                        • , xrefs: 004545B1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateFormatMessageQueryValue
                                                                                        • String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                        • API String ID: 2481121983-1280779767
                                                                                        • Opcode ID: 64c03f8d0974fb8baae80ac1f56f66a2074ee7a7d7e2c1940a2ac01f19c1dde8
                                                                                        • Instruction ID: cde7545684c4620c2d036396f19d9a4160a162433608d969df8f63117b7f1412
                                                                                        • Opcode Fuzzy Hash: 64c03f8d0974fb8baae80ac1f56f66a2074ee7a7d7e2c1940a2ac01f19c1dde8
                                                                                        • Instruction Fuzzy Hash: AC81FF75A00209ABDB00DFD5C981BDEB7B9EB49309F50452AF900FB282D7789A45CB69
                                                                                        APIs
                                                                                          • Part of subcall function 004538BC: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00496991,_iu,?,00000000,004539F6), ref: 004539AB
                                                                                          • Part of subcall function 004538BC: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00496991,_iu,?,00000000,004539F6), ref: 004539BB
                                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0049683D
                                                                                        • SetFileAttributesA.KERNEL32(00000000,00000080,00000000,00496991), ref: 0049685E
                                                                                        • CreateWindowExA.USER32(00000000,STATIC,004969A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00496885
                                                                                        • SetWindowLongA.USER32(?,000000FC,00496018), ref: 00496898
                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496964,?,?,000000FC,00496018,00000000,STATIC,004969A0), ref: 004968C8
                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 0049693C
                                                                                        • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496964,?,?,000000FC,00496018,00000000), ref: 00496948
                                                                                          • Part of subcall function 00453D30: WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E17
                                                                                        • DestroyWindow.USER32(?,0049696B,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496964,?,?,000000FC,00496018,00000000,STATIC), ref: 0049695E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$File$CloseCreateHandle$AttributesCopyDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                                        • String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                                        • API String ID: 1549857992-2312673372
                                                                                        • Opcode ID: 7b9aa83098eabb2dba0b70aa405a2d9f6b8f1b4b66eab831558cfba939a8a2a9
                                                                                        • Instruction ID: 93ed1b954d13302bbccf96d2c338465d3c98789abcf3618d64464ab15fb4d88f
                                                                                        • Opcode Fuzzy Hash: 7b9aa83098eabb2dba0b70aa405a2d9f6b8f1b4b66eab831558cfba939a8a2a9
                                                                                        • Instruction Fuzzy Hash: 71412C70A04608AEDF00EBA5DC42FAE7BB8EB09714F51457AF400F7291D6799A008B69
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E51D,?,00000000,0047E1C0,00000000), ref: 0042E441
                                                                                        • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E447
                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E51D,?,00000000,0047E1C0,00000000), ref: 0042E495
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressCloseHandleModuleProc
                                                                                        • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$QaE$kernel32.dll
                                                                                        • API String ID: 4190037839-2312295185
                                                                                        • Opcode ID: cc4cf932d7b220052410dacf18b487448e6dec6834fb41b85ae1fa26c47c2f69
                                                                                        • Instruction ID: f42d7e7755912f49377b3a3c2778cbb45b18f2cdc7334bb7b0fb93ca3fe573dd
                                                                                        • Opcode Fuzzy Hash: cc4cf932d7b220052410dacf18b487448e6dec6834fb41b85ae1fa26c47c2f69
                                                                                        • Instruction Fuzzy Hash: E8213230B10225BBDB10EAE6DC51B9E76B8EB44308F90447BA504E7281E77CDE419B5C
                                                                                        APIs
                                                                                        • GetActiveWindow.USER32 ref: 00462870
                                                                                        • GetModuleHandleA.KERNEL32(user32.dll), ref: 00462884
                                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00462891
                                                                                        • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0046289E
                                                                                        • GetWindowRect.USER32(?,00000000), ref: 004628EA
                                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 00462928
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                                                        • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                                                        • API String ID: 2610873146-3407710046
                                                                                        • Opcode ID: 963cd5e9bec20ae9785dbab648af90e3917fdde5ac028f1e20745c9c218af8a1
                                                                                        • Instruction ID: fe1f68fcdb92d8fdb5b24afc8a588ee1dd3fc27577eab862170fec9bd430383f
                                                                                        • Opcode Fuzzy Hash: 963cd5e9bec20ae9785dbab648af90e3917fdde5ac028f1e20745c9c218af8a1
                                                                                        • Instruction Fuzzy Hash: 4621C5B5301B056BD301EA648D41F3B3699EBC4714F05052AF944DB3C6E6B8EC048B9A
                                                                                        APIs
                                                                                        • GetActiveWindow.USER32 ref: 0042F194
                                                                                        • GetModuleHandleA.KERNEL32(user32.dll), ref: 0042F1A8
                                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042F1B5
                                                                                        • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042F1C2
                                                                                        • GetWindowRect.USER32(?,00000000), ref: 0042F20E
                                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 0042F24C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                                                        • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                                                        • API String ID: 2610873146-3407710046
                                                                                        • Opcode ID: fe4f6826bb7301b99e83fbe15c42cc49c8205db95b757379d9683ee99bf223cf
                                                                                        • Instruction ID: 50a2e38ba83faf67dd7c56e8d7733487d454ef14a416094e89dadcccf0bf0910
                                                                                        • Opcode Fuzzy Hash: fe4f6826bb7301b99e83fbe15c42cc49c8205db95b757379d9683ee99bf223cf
                                                                                        • Instruction Fuzzy Hash: 3821F279704710ABD300EA68ED41F3B37A9DB89714F88457AF944DB382DA79EC044BA9
                                                                                        APIs
                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00458C4B,?,00000000,00458CAE,?,?,02163858,00000000), ref: 00458AC9
                                                                                        • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02163858,?,00000000,00458BE0,?,00000000,00000001,00000000,00000000,00000000,00458C4B), ref: 00458B26
                                                                                        • GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02163858,?,00000000,00458BE0,?,00000000,00000001,00000000,00000000,00000000,00458C4B), ref: 00458B33
                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00458B7F
                                                                                        • GetOverlappedResult.KERNEL32(?,?,00000000,00000001,00458BB9,?,-00000020,0000000C,-00004034,00000014,02163858,?,00000000,00458BE0,?,00000000), ref: 00458BA5
                                                                                        • GetLastError.KERNEL32(?,?,00000000,00000001,00458BB9,?,-00000020,0000000C,-00004034,00000014,02163858,?,00000000,00458BE0,?,00000000), ref: 00458BAC
                                                                                          • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15,00000000), ref: 0045349F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                                                                        • String ID: CreateEvent$TransactNamedPipe
                                                                                        • API String ID: 2182916169-3012584893
                                                                                        • Opcode ID: 971ff5326f64256da56b2a3a5e971e3af97d4d6353f8bcf162cac826e6801041
                                                                                        • Instruction ID: 4e8b515c978fc0f7227371b00e454fc29eb41545a574c41675fd698137751177
                                                                                        • Opcode Fuzzy Hash: 971ff5326f64256da56b2a3a5e971e3af97d4d6353f8bcf162cac826e6801041
                                                                                        • Instruction Fuzzy Hash: D74185B1A00608AFDB15DF95CD41F9EB7F8FB48715F10406AF900F7292CA78AE44CA68
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00456CD1,?,?,00000031,?), ref: 00456B94
                                                                                        • GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 00456B9A
                                                                                        • LoadTypeLib.OLEAUT32(00000000,?), ref: 00456BE7
                                                                                          • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15,00000000), ref: 0045349F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressErrorHandleLastLoadModuleProcType
                                                                                        • String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
                                                                                        • API String ID: 1914119943-2711329623
                                                                                        • Opcode ID: ee3ea3d82efd4fb2b54eebd443786074e6cae9edf60e5ac548ea64bc7aca37c1
                                                                                        • Instruction ID: 513f35abe53900720ade907ad6bd055a7f67a8f7377afb521354ad4100752fe6
                                                                                        • Opcode Fuzzy Hash: ee3ea3d82efd4fb2b54eebd443786074e6cae9edf60e5ac548ea64bc7aca37c1
                                                                                        • Instruction Fuzzy Hash: 54319671700604AFDB02EFAACD51D5BB7BDEB8974575284A6BC04D3752DA38DD04C728
                                                                                        APIs
                                                                                        • RectVisible.GDI32(?,?), ref: 00416E13
                                                                                        • SaveDC.GDI32(?), ref: 00416E27
                                                                                        • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00416E4A
                                                                                        • RestoreDC.GDI32(?,?), ref: 00416E65
                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 00416EE5
                                                                                        • FrameRect.USER32(?,?,?), ref: 00416F18
                                                                                        • DeleteObject.GDI32(?), ref: 00416F22
                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 00416F32
                                                                                        • FrameRect.USER32(?,?,?), ref: 00416F65
                                                                                        • DeleteObject.GDI32(?), ref: 00416F6F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
                                                                                        • String ID:
                                                                                        • API String ID: 375863564-0
                                                                                        • Opcode ID: 35a16e57ef2060bc5b86dfaf9fb4dd0844c8f61540c1a86612a76d2e62787fd3
                                                                                        • Instruction ID: c082a38e55a2621cff38c0036c5e412d4739722926df34ebe37a7eff5f7859fc
                                                                                        • Opcode Fuzzy Hash: 35a16e57ef2060bc5b86dfaf9fb4dd0844c8f61540c1a86612a76d2e62787fd3
                                                                                        • Instruction Fuzzy Hash: 70515A712086459FDB50EF69C8C4B9B77E8AF48314F15466AFD488B286C738EC81CB99
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
                                                                                        • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
                                                                                        • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
                                                                                        • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
                                                                                        • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
                                                                                        • GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
                                                                                        • GetFileType.KERNEL32(?,000000F5), ref: 00404C11
                                                                                        • CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
                                                                                        • GetLastError.KERNEL32(000000F5), ref: 00404C46
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                        • String ID:
                                                                                        • API String ID: 1694776339-0
                                                                                        • Opcode ID: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                                                        • Instruction ID: 0555156f4d2a620bb114dc01d937536d57074fdea11cd86abdfeb4dd56d828b4
                                                                                        • Opcode Fuzzy Hash: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                                                        • Instruction Fuzzy Hash: 3741B3F02093009AF7305E248905B2375E5EBC0755F208E3FE296BA6E0D7BDE8458B1D
                                                                                        APIs
                                                                                        • GetSystemMenu.USER32(00000000,00000000), ref: 00422233
                                                                                        • DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 00422251
                                                                                        • DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042225E
                                                                                        • DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042226B
                                                                                        • DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422278
                                                                                        • DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 00422285
                                                                                        • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 00422292
                                                                                        • DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 0042229F
                                                                                        • EnableMenuItem.USER32(00000000,0000F020,00000001), ref: 004222BD
                                                                                        • EnableMenuItem.USER32(00000000,0000F030,00000001), ref: 004222D9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Menu$Delete$EnableItem$System
                                                                                        • String ID:
                                                                                        • API String ID: 3985193851-0
                                                                                        • Opcode ID: d8fcfd45993f68361b05288e300d90e061abaf0c01acb012dac33f8cfd749464
                                                                                        • Instruction ID: 662ae76830c3dbb110fd6952920e185112f137d20e740dc0dcce1beff7d7cd05
                                                                                        • Opcode Fuzzy Hash: d8fcfd45993f68361b05288e300d90e061abaf0c01acb012dac33f8cfd749464
                                                                                        • Instruction Fuzzy Hash: AF2144703407047AE720E724CD8BF9BBBD89B04708F5451A5BA487F6D3C6F9AB804698
                                                                                        APIs
                                                                                        • FreeLibrary.KERNEL32(10000000), ref: 004814F5
                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00481509
                                                                                        • SendNotifyMessageA.USER32(00020456,00000496,00002710,00000000), ref: 0048157B
                                                                                        Strings
                                                                                        • Not restarting Windows because Setup is being run from the debugger., xrefs: 0048152A
                                                                                        • Deinitializing Setup., xrefs: 00481356
                                                                                        • DeinitializeSetup, xrefs: 004813F1
                                                                                        • GetCustomSetupExitCode, xrefs: 00481395
                                                                                        • Restarting Windows., xrefs: 00481556
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeLibrary$MessageNotifySend
                                                                                        • String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
                                                                                        • API String ID: 3817813901-1884538726
                                                                                        • Opcode ID: 7fd84dd053b4401f5bdf0ca771466cc8f90a001c2e291a6a881faa6dba982769
                                                                                        • Instruction ID: a147a64e5fa7f59d2c1c0707bc10c89f769f7b05bbdcd0d826f9af474dd6dcab
                                                                                        • Opcode Fuzzy Hash: 7fd84dd053b4401f5bdf0ca771466cc8f90a001c2e291a6a881faa6dba982769
                                                                                        • Instruction Fuzzy Hash: 55519F30700240AFD311EB69E8D5B6E7BA8EB59714F50887BE805C73B1DB38AC46CB59
                                                                                        APIs
                                                                                        • SHGetMalloc.SHELL32(?), ref: 0046153B
                                                                                        • GetActiveWindow.USER32 ref: 0046159F
                                                                                        • CoInitialize.OLE32(00000000), ref: 004615B3
                                                                                        • SHBrowseForFolder.SHELL32(?), ref: 004615CA
                                                                                        • CoUninitialize.OLE32(0046160B,00000000,?,?,?,?,?,00000000,0046168F), ref: 004615DF
                                                                                        • SetActiveWindow.USER32(?,0046160B,00000000,?,?,?,?,?,00000000,0046168F), ref: 004615F5
                                                                                        • SetActiveWindow.USER32(?,?,0046160B,00000000,?,?,?,?,?,00000000,0046168F), ref: 004615FE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ActiveWindow$BrowseFolderInitializeMallocUninitialize
                                                                                        • String ID: A
                                                                                        • API String ID: 2684663990-3554254475
                                                                                        • Opcode ID: 703f1963e0dc72a1c395d9026068ceb343fdf60ef3171849bb259b064323ba87
                                                                                        • Instruction ID: 8a944d3e7b26c7d839f1ecf9cf32de2b38f87d5f920ef02beae42f78277bfb86
                                                                                        • Opcode Fuzzy Hash: 703f1963e0dc72a1c395d9026068ceb343fdf60ef3171849bb259b064323ba87
                                                                                        • Instruction Fuzzy Hash: 62312D70E00358AFDB00EFA6D885A9EBBF8EB09304F55847AF405E7251E7789A048B59
                                                                                        APIs
                                                                                        • GetFileAttributesA.KERNEL32(00000000,00000000,0047292D,?,?,?,00000008,00000000,00000000,00000000,?,00472B89,?,?,00000000,00472DF8), ref: 00472890
                                                                                          • Part of subcall function 0042CD94: GetPrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0042CE0A
                                                                                          • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,00498261,00000000,004982B6,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                                                        • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,0047292D,?,?,?,00000008,00000000,00000000,00000000,?,00472B89), ref: 00472907
                                                                                        • RemoveDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,0047292D,?,?,?,00000008,00000000,00000000,00000000), ref: 0047290D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Attributes$DeleteDirectoryPrivateProfileRemoveString
                                                                                        • String ID: .ShellClassInfo$CLSID2$desktop.ini$target.lnk${0AFACED1-E828-11D1-9187-B532F1E9575D}
                                                                                        • API String ID: 884541143-1710247218
                                                                                        • Opcode ID: 8c120786a4ea8c92214831f90170699f67ddada7000dc7cca521b0e92e4fa8e9
                                                                                        • Instruction ID: c9f0bcdda41dfe4bc4fb8c2ad9af4abf79d42ba832169be77a83c6f088ccd444
                                                                                        • Opcode Fuzzy Hash: 8c120786a4ea8c92214831f90170699f67ddada7000dc7cca521b0e92e4fa8e9
                                                                                        • Instruction Fuzzy Hash: A711D0F07005147BD701F66A8D82BAFB2ACDB49714F65807BB604B72C1DB7CAE01865C
                                                                                        APIs
                                                                                        • GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045D10D
                                                                                        • GetProcAddress.KERNEL32(00000000,inflate), ref: 0045D11D
                                                                                        • GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045D12D
                                                                                        • GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045D13D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc
                                                                                        • String ID: inflate$inflateEnd$inflateInit_$inflateReset
                                                                                        • API String ID: 190572456-3516654456
                                                                                        • Opcode ID: 642f53b55b6c69fa488a6078c858724ccece433db3f4d1a063b28ca439a42b30
                                                                                        • Instruction ID: 41a921eeb660c13fccdf509460c8c4a7353affed60c98b376863fdd8d28133a2
                                                                                        • Opcode Fuzzy Hash: 642f53b55b6c69fa488a6078c858724ccece433db3f4d1a063b28ca439a42b30
                                                                                        • Instruction Fuzzy Hash: 1A01FFB0D00B00DAE724EFB69D9572736A5AB64306F14C03B9C09962A6D7790858DF6C
                                                                                        APIs
                                                                                        • SetBkColor.GDI32(?,00000000), ref: 0041A9B9
                                                                                        • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0041A9F3
                                                                                        • SetBkColor.GDI32(?,?), ref: 0041AA08
                                                                                        • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041AA52
                                                                                        • SetTextColor.GDI32(00000000,00000000), ref: 0041AA5D
                                                                                        • SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AA6D
                                                                                        • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AAAC
                                                                                        • SetTextColor.GDI32(00000000,00000000), ref: 0041AAB6
                                                                                        • SetBkColor.GDI32(00000000,?), ref: 0041AAC3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Color$StretchText
                                                                                        • String ID:
                                                                                        • API String ID: 2984075790-0
                                                                                        • Opcode ID: d922b450a47b78d2b04aec2ac0d2e0f837e00e48c8544b253d9025e975fd03f1
                                                                                        • Instruction ID: 4467ea82dd13d464879b0bd0dd0607b47ee3045dce17e21d2c6451b7f26a8ea4
                                                                                        • Opcode Fuzzy Hash: d922b450a47b78d2b04aec2ac0d2e0f837e00e48c8544b253d9025e975fd03f1
                                                                                        • Instruction Fuzzy Hash: 8761E5B5A00505AFCB40EFADD985E9AB7F8EF08314B10816AF908DB262C775ED40CF58
                                                                                        APIs
                                                                                          • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                        • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,004580C8,?, /s ",?,regsvr32.exe",?,004580C8), ref: 0045803A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseDirectoryHandleSystem
                                                                                        • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                                                        • API String ID: 2051275411-1862435767
                                                                                        • Opcode ID: d723b4d4e63128474f1a7954f42046bb5ea4c3ccf1ebb930fe5345dfcc04232a
                                                                                        • Instruction ID: e9c79437d4df6862de8c7cd7f55e60b8630b5ed7fadd4497393df937d865c406
                                                                                        • Opcode Fuzzy Hash: d723b4d4e63128474f1a7954f42046bb5ea4c3ccf1ebb930fe5345dfcc04232a
                                                                                        • Instruction Fuzzy Hash: AA410670A043086BDB11EFD6D842B8EB7B9AF45705F51407FA904BB292DF789A0D8B19
                                                                                        APIs
                                                                                        • OffsetRect.USER32(?,00000001,00000001), ref: 0044D1A9
                                                                                        • GetSysColor.USER32(00000014), ref: 0044D1B0
                                                                                        • SetTextColor.GDI32(00000000,00000000), ref: 0044D1C8
                                                                                        • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D1F1
                                                                                        • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044D1FB
                                                                                        • GetSysColor.USER32(00000010), ref: 0044D202
                                                                                        • SetTextColor.GDI32(00000000,00000000), ref: 0044D21A
                                                                                        • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D243
                                                                                        • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D26E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Text$Color$Draw$OffsetRect
                                                                                        • String ID:
                                                                                        • API String ID: 1005981011-0
                                                                                        • Opcode ID: 4054566e8ba3b89cdd91132f39c510e9855df1fb138f21794d8e69447c138b72
                                                                                        • Instruction ID: 8406a00effd73db105afccad7da3796984cf264811f0ddac3e5cace4e0ac1d2b
                                                                                        • Opcode Fuzzy Hash: 4054566e8ba3b89cdd91132f39c510e9855df1fb138f21794d8e69447c138b72
                                                                                        • Instruction Fuzzy Hash: A021BDB42015047FC710FB2ACD8AE8B6BDCDF19319B05457AB958EB292C67CDD404668
                                                                                        APIs
                                                                                          • Part of subcall function 004776B4: GetWindowThreadProcessId.USER32(00000000), ref: 004776BC
                                                                                          • Part of subcall function 004776B4: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,004777B3,0049C0A4,00000000), ref: 004776CF
                                                                                          • Part of subcall function 004776B4: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004776D5
                                                                                        • SendMessageA.USER32(00000000,0000004A,00000000,F{G), ref: 004777C1
                                                                                        • GetTickCount.KERNEL32 ref: 00477806
                                                                                        • GetTickCount.KERNEL32 ref: 00477810
                                                                                        • MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,0000000A,000000FF), ref: 00477865
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CountTick$AddressHandleMessageModuleMultipleObjectsProcProcessSendThreadWaitWindow
                                                                                        • String ID: CallSpawnServer: Unexpected response: $%x$CallSpawnServer: Unexpected status: %d$F{G
                                                                                        • API String ID: 613034392-3657229555
                                                                                        • Opcode ID: 6d97cf5564b98f17fd9f3b8579433905f0e6c95bef7ad8bee9a9e7eacc473beb
                                                                                        • Instruction ID: 2d480610a6b59e2baa88e371a3ce18c9cee9fe0f547c40ec3b8b85eb822a561a
                                                                                        • Opcode Fuzzy Hash: 6d97cf5564b98f17fd9f3b8579433905f0e6c95bef7ad8bee9a9e7eacc473beb
                                                                                        • Instruction Fuzzy Hash: CB31A234F042159ADB10EBB9C8867EE76A1AB44314F90847BF548EB392D67C9D01CBAD
                                                                                        APIs
                                                                                          • Part of subcall function 0045092C: SetEndOfFile.KERNEL32(?,?,0045C192,00000000,0045C31D,?,00000000,00000002,00000002), ref: 00450933
                                                                                          • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,00498261,00000000,004982B6,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                                                        • GetWindowThreadProcessId.USER32(00000000,?), ref: 004960F5
                                                                                        • OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 00496109
                                                                                        • SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 00496123
                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 0049612F
                                                                                        • CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00496135
                                                                                        • Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 00496148
                                                                                        Strings
                                                                                        • Deleting Uninstall data files., xrefs: 0049606B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
                                                                                        • String ID: Deleting Uninstall data files.
                                                                                        • API String ID: 1570157960-2568741658
                                                                                        • Opcode ID: 1c14f06cf20906d6098757f7c161041ddb556eb254dcbfb897c76230ada43d7f
                                                                                        • Instruction ID: a2b0394162f9d438edd1a59a6b8f88e08a82a6f464fdedc4f7b2e31c99877ff7
                                                                                        • Opcode Fuzzy Hash: 1c14f06cf20906d6098757f7c161041ddb556eb254dcbfb897c76230ada43d7f
                                                                                        • Instruction Fuzzy Hash: 5F218570304250AFEB10EB7AFCC6B163798EB54728F52453BB505962D3D67CAC04CA6C
                                                                                        APIs
                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                        • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0047016D,?,?,?,?,00000000), ref: 004700D7
                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0047016D), ref: 004700EE
                                                                                        • AddFontResourceA.GDI32(00000000), ref: 0047010B
                                                                                        • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 0047011F
                                                                                        Strings
                                                                                        • Failed to open Fonts registry key., xrefs: 004700F5
                                                                                        • AddFontResource, xrefs: 00470129
                                                                                        • Failed to set value in Fonts registry key., xrefs: 004700E0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseFontMessageNotifyOpenResourceSendValue
                                                                                        • String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
                                                                                        • API String ID: 955540645-649663873
                                                                                        • Opcode ID: fb5005e48ab5c7daaaac94a0dc4afa742b509cb9d69f51cda3f3c10b282e3f45
                                                                                        • Instruction ID: 4679b390ee7f38cc50779b5755f8f256d37ac4db7264feb969586a41c0613652
                                                                                        • Opcode Fuzzy Hash: fb5005e48ab5c7daaaac94a0dc4afa742b509cb9d69f51cda3f3c10b282e3f45
                                                                                        • Instruction Fuzzy Hash: 1E21F470741204BBD710EA669C42FAE779DDB45704F908077B904EB3C2DA7DEE01962D
                                                                                        APIs
                                                                                          • Part of subcall function 00416410: GetClassInfoA.USER32(00400000,?,?), ref: 0041647F
                                                                                          • Part of subcall function 00416410: UnregisterClassA.USER32(?,00400000), ref: 004164AB
                                                                                          • Part of subcall function 00416410: RegisterClassA.USER32(?), ref: 004164CE
                                                                                        • GetVersion.KERNEL32 ref: 00462CD4
                                                                                        • SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 00462D12
                                                                                        • SHGetFileInfo.SHELL32(00462DB0,00000000,?,00000160,00004011), ref: 00462D2F
                                                                                        • LoadCursorA.USER32(00000000,00007F02), ref: 00462D4D
                                                                                        • SetCursor.USER32(00000000,00000000,00007F02,00462DB0,00000000,?,00000160,00004011), ref: 00462D53
                                                                                        • SetCursor.USER32(?,00462D93,00007F02,00462DB0,00000000,?,00000160,00004011), ref: 00462D86
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
                                                                                        • String ID: Explorer
                                                                                        • API String ID: 2594429197-512347832
                                                                                        • Opcode ID: b2508eec98d805366e2f4507ea44d46b961a44d372cb9f0a28019716940d75e3
                                                                                        • Instruction ID: 9dbbc9fa048eb90f76178aab56daef4cc46522196ca1757d39461a436d1c0ce4
                                                                                        • Opcode Fuzzy Hash: b2508eec98d805366e2f4507ea44d46b961a44d372cb9f0a28019716940d75e3
                                                                                        • Instruction Fuzzy Hash: A521D2707403047AE711BB758D47B9A36989B09708F5004BFF608EA2C3EEBC9801866E
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02162BDC,?,?,?,02162BDC,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477EA9
                                                                                        • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00477EAF
                                                                                        • GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02162BDC,?,?,?,02162BDC,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477EC2
                                                                                        • CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02162BDC,?,?,?,02162BDC), ref: 00477EEC
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,02162BDC,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477F0A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileHandle$AddressAttributesCloseCreateModuleProc
                                                                                        • String ID: GetFinalPathNameByHandleA$kernel32.dll
                                                                                        • API String ID: 2704155762-2318956294
                                                                                        • Opcode ID: 4ac9b8a734794afedd7c4e5dff1684406e57be29ff440d920efac7cf7b76c0e4
                                                                                        • Instruction ID: 07fb0e6c3cbff21d125a0516fcac6af2f028e938fd8349bed9720d5bfc433141
                                                                                        • Opcode Fuzzy Hash: 4ac9b8a734794afedd7c4e5dff1684406e57be29ff440d920efac7cf7b76c0e4
                                                                                        • Instruction Fuzzy Hash: 2101B55074870536E520316A5E86FBF648C8B5477DF548137FB1CEE2D2E9AC9D06026E
                                                                                        APIs
                                                                                        • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,00401B68), ref: 00401ABD
                                                                                        • LocalFree.KERNEL32(0066E7E8,00000000,00401B68), ref: 00401ACF
                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000,0066E7E8,00000000,00401B68), ref: 00401AEE
                                                                                        • LocalFree.KERNEL32(0066F7E8,?,00000000,00008000,0066E7E8,00000000,00401B68), ref: 00401B2D
                                                                                        • RtlLeaveCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B58
                                                                                        • RtlDeleteCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B62
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                        • String ID: f
                                                                                        • API String ID: 3782394904-3739981918
                                                                                        • Opcode ID: ef0d8b2142be7cf42810e170793bf0a6b8446fdea194a224c38922696d0a74e0
                                                                                        • Instruction ID: 79795942c165c44483fb09e1962e32eaca51f8de38df00e9c029d8aa05623ce8
                                                                                        • Opcode Fuzzy Hash: ef0d8b2142be7cf42810e170793bf0a6b8446fdea194a224c38922696d0a74e0
                                                                                        • Instruction Fuzzy Hash: 3B118E30A003405AEB15AB65BE85B263BA5D761B08F44407BF80067BF3D77C5850E7AE
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(00000000,00459DDE,?,00000000,00000000,00000000,?,00000006,?,00000000,004973CD,?,00000000,00497470), ref: 00459D22
                                                                                          • Part of subcall function 004543F4: FindClose.KERNEL32(000000FF,004544EA), ref: 004544D9
                                                                                        Strings
                                                                                        • Failed to delete directory (%d). Will retry later., xrefs: 00459D3B
                                                                                        • Failed to strip read-only attribute., xrefs: 00459CF0
                                                                                        • Stripped read-only attribute., xrefs: 00459CE4
                                                                                        • Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00459D97
                                                                                        • Failed to delete directory (%d)., xrefs: 00459DB8
                                                                                        • Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 00459CFC
                                                                                        • Deleting directory: %s, xrefs: 00459CAB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseErrorFindLast
                                                                                        • String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
                                                                                        • API String ID: 754982922-1448842058
                                                                                        • Opcode ID: 8aabd4c25723369bf9534759df9b588e5f8490088031ca791ae669e8a2666fca
                                                                                        • Instruction ID: 5a692d040748e25b342bfc59b5c440c53b4552d2faa6a9747d6521fe41ba2a01
                                                                                        • Opcode Fuzzy Hash: 8aabd4c25723369bf9534759df9b588e5f8490088031ca791ae669e8a2666fca
                                                                                        • Instruction Fuzzy Hash: 69419330A04248DACB10DB6A98417AE76B59F8530AF54857BAC05E7383DB7C8D0DC75D
                                                                                        APIs
                                                                                        • GetCapture.USER32 ref: 00422EA4
                                                                                        • GetCapture.USER32 ref: 00422EB3
                                                                                        • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00422EB9
                                                                                        • ReleaseCapture.USER32 ref: 00422EBE
                                                                                        • GetActiveWindow.USER32 ref: 00422ECD
                                                                                        • SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 00422F4C
                                                                                        • SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 00422FB0
                                                                                        • GetActiveWindow.USER32 ref: 00422FBF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CaptureMessageSend$ActiveWindow$Release
                                                                                        • String ID:
                                                                                        • API String ID: 862346643-0
                                                                                        • Opcode ID: 3da4ec300de865232a3f60c9f80223c2bbe2427c246ff190c68097af5e341dae
                                                                                        • Instruction ID: c6261992695b47722d84ffa44129b55dc5b2a4dad2f70b0012283783c1c7b094
                                                                                        • Opcode Fuzzy Hash: 3da4ec300de865232a3f60c9f80223c2bbe2427c246ff190c68097af5e341dae
                                                                                        • Instruction Fuzzy Hash: 24417230B00245AFDB10EB69DA86B9E77F1EF44304F5540BAF404AB2A2D778AE40DB49
                                                                                        APIs
                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 0042F2BA
                                                                                        • GetWindowLongA.USER32(?,000000EC), ref: 0042F2D1
                                                                                        • GetActiveWindow.USER32 ref: 0042F2DA
                                                                                        • MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 0042F307
                                                                                        • SetActiveWindow.USER32(?,0042F437,00000000,?), ref: 0042F328
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ActiveLong$Message
                                                                                        • String ID:
                                                                                        • API String ID: 2785966331-0
                                                                                        • Opcode ID: ca0cfe640851e4463c520fee9942c9233ac98ecb3d765a436798e71af7845e74
                                                                                        • Instruction ID: ac844ef734d24c76dc9aa96f201b13a865b129e9c1b137beabd8cb6517960092
                                                                                        • Opcode Fuzzy Hash: ca0cfe640851e4463c520fee9942c9233ac98ecb3d765a436798e71af7845e74
                                                                                        • Instruction Fuzzy Hash: F931D271A00254AFEB01EFA5DD52E6EBBB8EB09304F9144BAF804E3291D73C9D10CB58
                                                                                        APIs
                                                                                        • GetDC.USER32(00000000), ref: 0042948A
                                                                                        • GetTextMetricsA.GDI32(00000000), ref: 00429493
                                                                                          • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 004294A2
                                                                                        • GetTextMetricsA.GDI32(00000000,?), ref: 004294AF
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 004294B6
                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 004294BE
                                                                                        • GetSystemMetrics.USER32(00000006), ref: 004294E3
                                                                                        • GetSystemMetrics.USER32(00000006), ref: 004294FD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Metrics$ObjectSelectSystemText$CreateFontIndirectRelease
                                                                                        • String ID:
                                                                                        • API String ID: 1583807278-0
                                                                                        • Opcode ID: 62880ac9d08e5d684fd074e0f3ca61438eede96ade4d4e291019075c7fd144c0
                                                                                        • Instruction ID: 8a5b62ad3b2811282b00f4aa11bc4c2c065e9b9ae855548013837f5c18493421
                                                                                        • Opcode Fuzzy Hash: 62880ac9d08e5d684fd074e0f3ca61438eede96ade4d4e291019075c7fd144c0
                                                                                        • Instruction Fuzzy Hash: 0F01C4A17087103BE321767A9CC6F6F65C8DB44358F84043BF686D63D3D96C9C41866A
                                                                                        APIs
                                                                                        • GetDC.USER32(00000000), ref: 0041DE27
                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041DE31
                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0041DE3E
                                                                                        • MulDiv.KERNEL32(00000008,00000060,00000048), ref: 0041DE4D
                                                                                        • GetStockObject.GDI32(00000007), ref: 0041DE5B
                                                                                        • GetStockObject.GDI32(00000005), ref: 0041DE67
                                                                                        • GetStockObject.GDI32(0000000D), ref: 0041DE73
                                                                                        • LoadIconA.USER32(00000000,00007F00), ref: 0041DE84
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ObjectStock$CapsDeviceIconLoadRelease
                                                                                        • String ID:
                                                                                        • API String ID: 225703358-0
                                                                                        • Opcode ID: 93123cf7b7da28845296a778695a34f9ae7968dfa7e72d2685fd09fde09bf652
                                                                                        • Instruction ID: 282f56568f1177e4dad385ec7f61a974d29090d827cf1f87eb40c920fa9ca7e8
                                                                                        • Opcode Fuzzy Hash: 93123cf7b7da28845296a778695a34f9ae7968dfa7e72d2685fd09fde09bf652
                                                                                        • Instruction Fuzzy Hash: 4C1142706457015EE340BFA66E52B6A36A4D725708F40413FF609AF3D1D77A2C448B9E
                                                                                        APIs
                                                                                        • LoadCursorA.USER32(00000000,00007F02), ref: 004631B8
                                                                                        • SetCursor.USER32(00000000,00000000,00007F02,00000000,0046324D), ref: 004631BE
                                                                                        • SetCursor.USER32(?,00463235,00007F02,00000000,0046324D), ref: 00463228
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Cursor$Load
                                                                                        • String ID: $ $Internal error: Item already expanding
                                                                                        • API String ID: 1675784387-1948079669
                                                                                        • Opcode ID: 9a907484170bb085a46c4a598b93bfbbd2bc194262705c34c2f461fc244cfbd4
                                                                                        • Instruction ID: 06b17efc2869e1117ca0a97e11558f018c2dd138a4dd01a316207194f11c04f7
                                                                                        • Opcode Fuzzy Hash: 9a907484170bb085a46c4a598b93bfbbd2bc194262705c34c2f461fc244cfbd4
                                                                                        • Instruction Fuzzy Hash: 74B1B430A00284DFD711DF69C585B9EBBF0BF04305F1484AAE8459B792DB78EE45CB16
                                                                                        APIs
                                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E17
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: PrivateProfileStringWrite
                                                                                        • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                                        • API String ID: 390214022-3304407042
                                                                                        • Opcode ID: 4acafb8f8444067680350d3d4e03481623aa06ca7574397e5033f2f4cf45a0b5
                                                                                        • Instruction ID: 4c4b1d7f09994941c57eaafc4db68242d6a3f6c21ecd3f2b5b8f846a746055a2
                                                                                        • Opcode Fuzzy Hash: 4acafb8f8444067680350d3d4e03481623aa06ca7574397e5033f2f4cf45a0b5
                                                                                        • Instruction Fuzzy Hash: 40911434E002099BDB01EFA5D842BDEB7F5AF4874AF608466E90077392D7786E49CB58
                                                                                        APIs
                                                                                        • GetClassInfoW.USER32(00000000,COMBOBOX,?), ref: 004767C9
                                                                                        • SetWindowLongW.USER32(00000000,000000FC,00476724), ref: 004767F0
                                                                                        • GetACP.KERNEL32(00000000,00476A08,?,00000000,00476A32), ref: 0047682D
                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00476873
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassInfoLongMessageSendWindow
                                                                                        • String ID: COMBOBOX$Inno Setup: Language
                                                                                        • API String ID: 3391662889-4234151509
                                                                                        • Opcode ID: 7b097581a500be05759954e33284123b2b89370f46c26a428eff7c4db0c5a69c
                                                                                        • Instruction ID: bb27e68bfa0a4e6e36c1c9b1f46c00cfa2f47713d75b81585866a7fa3ef15c14
                                                                                        • Opcode Fuzzy Hash: 7b097581a500be05759954e33284123b2b89370f46c26a428eff7c4db0c5a69c
                                                                                        • Instruction Fuzzy Hash: C0813F746006059FC710EF69D885AEAB7F2FB09304F16C1BAE848E7362D738AD45CB59
                                                                                        APIs
                                                                                        • GetSystemDefaultLCID.KERNEL32(00000000,00408968,?,?,?,?,00000000,00000000,00000000,?,0040996F,00000000,00409982), ref: 0040873A
                                                                                          • Part of subcall function 00408568: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                                                          • Part of subcall function 004085B4: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004087B6,?,?,?,00000000,00408968), ref: 004085C7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoLocale$DefaultSystem
                                                                                        • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                                        • API String ID: 1044490935-665933166
                                                                                        • Opcode ID: 99a58aab46255149f4b24f4520dbd6929c7443738739b227c4cc8c7d24f61a81
                                                                                        • Instruction ID: 5c6fde8006682913ecab3173e7335377554a92ac61a87523d81808753b4ec1a9
                                                                                        • Opcode Fuzzy Hash: 99a58aab46255149f4b24f4520dbd6929c7443738739b227c4cc8c7d24f61a81
                                                                                        • Instruction Fuzzy Hash: 7D516C24B00108ABDB01FBA69E4169EB7A9DB94308F50C07FA181BB3C3CE3DDA05975D
                                                                                        APIs
                                                                                        • GetVersion.KERNEL32(00000000,004118F9), ref: 0041178C
                                                                                        • InsertMenuItemA.USER32(?,000000FF,00000001,0000002C), ref: 0041184A
                                                                                          • Part of subcall function 00411AAC: CreatePopupMenu.USER32 ref: 00411AC6
                                                                                        • InsertMenuA.USER32(?,000000FF,?,?,00000000), ref: 004118D6
                                                                                          • Part of subcall function 00411AAC: CreateMenu.USER32 ref: 00411AD0
                                                                                        • InsertMenuA.USER32(?,000000FF,?,00000000,00000000), ref: 004118BD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Menu$Insert$Create$ItemPopupVersion
                                                                                        • String ID: ,$?
                                                                                        • API String ID: 2359071979-2308483597
                                                                                        • Opcode ID: b9a2b6ccc88d9caa62c3975205c07352f987ccdbf84bf9e0cd5a88eec52abf91
                                                                                        • Instruction ID: ecf66c9774bccec907b621c371347452b74b7622051e058d8a4a73451c3e974f
                                                                                        • Opcode Fuzzy Hash: b9a2b6ccc88d9caa62c3975205c07352f987ccdbf84bf9e0cd5a88eec52abf91
                                                                                        • Instruction Fuzzy Hash: D7510674A00245ABDB10EF6ADC816EA7BF9AF09304B11857BF904E73A6D738DD41CB58
                                                                                        APIs
                                                                                        • GetObjectA.GDI32(?,00000018,?), ref: 0041BF28
                                                                                        • GetObjectA.GDI32(?,00000018,?), ref: 0041BF37
                                                                                        • GetBitmapBits.GDI32(?,?,?), ref: 0041BF88
                                                                                        • GetBitmapBits.GDI32(?,?,?), ref: 0041BF96
                                                                                        • DeleteObject.GDI32(?), ref: 0041BF9F
                                                                                        • DeleteObject.GDI32(?), ref: 0041BFA8
                                                                                        • CreateIcon.USER32(00400000,?,?,?,?,?,?), ref: 0041BFC5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Object$BitmapBitsDelete$CreateIcon
                                                                                        • String ID:
                                                                                        • API String ID: 1030595962-0
                                                                                        • Opcode ID: dabea464bc85c36b4411cc83672e19ff5768c85fc4c65aec36842f1966395034
                                                                                        • Instruction ID: 74cae3b7aa7aab4ce12a2fbd062d204c5c4082198076ec6df892ad84fd278e80
                                                                                        • Opcode Fuzzy Hash: dabea464bc85c36b4411cc83672e19ff5768c85fc4c65aec36842f1966395034
                                                                                        • Instruction Fuzzy Hash: 6A510671A002199FCB10DFA9C9819EEB7F9EF48314B11416AF914E7395D738AD41CB68
                                                                                        APIs
                                                                                        • SetStretchBltMode.GDI32(00000000,00000003), ref: 0041CEFE
                                                                                        • GetDeviceCaps.GDI32(00000000,00000026), ref: 0041CF1D
                                                                                        • SelectPalette.GDI32(?,?,00000001), ref: 0041CF83
                                                                                        • RealizePalette.GDI32(?), ref: 0041CF92
                                                                                        • StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?), ref: 0041CFFC
                                                                                        • StretchDIBits.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?,00000000,?), ref: 0041D03A
                                                                                        • SelectPalette.GDI32(?,?,00000001), ref: 0041D05F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: PaletteStretch$Select$BitsCapsDeviceModeRealize
                                                                                        • String ID:
                                                                                        • API String ID: 2222416421-0
                                                                                        • Opcode ID: c6a16a19dcf28552bada6898b81586dc49cb1edacb7efb66bca37046f5d7e7da
                                                                                        • Instruction ID: 4b814cf558339e083a7fb5ccd56fb4ffad9fd0a27a4bfdacf16c2dd2476febac
                                                                                        • Opcode Fuzzy Hash: c6a16a19dcf28552bada6898b81586dc49cb1edacb7efb66bca37046f5d7e7da
                                                                                        • Instruction Fuzzy Hash: D2515EB0604200AFDB14DFA8C985F9BBBE9EF08304F10459AB549DB292C778ED81CB58
                                                                                        APIs
                                                                                        • SendMessageA.USER32(00000000,?,?), ref: 0045717A
                                                                                          • Part of subcall function 0042427C: GetWindowTextA.USER32(?,?,00000100), ref: 0042429C
                                                                                          • Part of subcall function 0041EEA4: GetCurrentThreadId.KERNEL32 ref: 0041EEF3
                                                                                          • Part of subcall function 0041EEA4: EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
                                                                                          • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                        • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004571E1
                                                                                        • TranslateMessage.USER32(?), ref: 004571FF
                                                                                        • DispatchMessageA.USER32(?), ref: 00457208
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$TextThreadWindow$CurrentDispatchEnumSendTranslateWindows
                                                                                        • String ID: [Paused]
                                                                                        • API String ID: 1007367021-4230553315
                                                                                        • Opcode ID: fd37f0685e9949bc630816f418b91ae10989fde9f4c26f7dfdebc9041f05c988
                                                                                        • Instruction ID: 9c65c5789669556775cb04b7d8b700a3e8427f17a0623b42c67a15115a154b53
                                                                                        • Opcode Fuzzy Hash: fd37f0685e9949bc630816f418b91ae10989fde9f4c26f7dfdebc9041f05c988
                                                                                        • Instruction Fuzzy Hash: 3A3196309082449EDB11DFB5EC81FDEBBB8EB49314F5580B7F800E7292D6389909CB69
                                                                                        APIs
                                                                                        • GetCursor.USER32(00000000,0046B3D3), ref: 0046B350
                                                                                        • LoadCursorA.USER32(00000000,00007F02), ref: 0046B35E
                                                                                        • SetCursor.USER32(00000000,00000000,00007F02,00000000,0046B3D3), ref: 0046B364
                                                                                        • Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046B3D3), ref: 0046B36E
                                                                                        • SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046B3D3), ref: 0046B374
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Cursor$LoadSleep
                                                                                        • String ID: CheckPassword
                                                                                        • API String ID: 4023313301-1302249611
                                                                                        • Opcode ID: 9ec6fbb627a2037d8b10d3b03f13e16da416f17f6db7f06dbaba65bff406c05b
                                                                                        • Instruction ID: 12e539274ef1f9e2a04eba0c68275a436143f563f239c7c10787bf1112b5c925
                                                                                        • Opcode Fuzzy Hash: 9ec6fbb627a2037d8b10d3b03f13e16da416f17f6db7f06dbaba65bff406c05b
                                                                                        • Instruction Fuzzy Hash: 883140347402449FD711DB69C899B9A7BE4EB05304F5580B6BC44DB392D7789E80CB99
APIs
• GetProcAddress.KERNEL32(626D6573,CreateAssemblyCache), ref: 0045968F
Strings
• Failed to load .NET Framework DLL "%s", xrefs: 00459674
• Failed to get address of .NET Framework CreateAssemblyCache function, xrefs: 0045969A
• .NET Framework CreateAssemblyCache function failed, xrefs: 004596B2
• CreateAssemblyCache, xrefs: 00459686
• Fusion.dll, xrefs: 0045962F
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: AddressProc
• String ID: .NET Framework CreateAssemblyCache function failed$CreateAssemblyCache$Failed to get address of .NET Framework CreateAssemblyCache function$Failed to load .NET Framework DLL "%s"$Fusion.dll
APIs
  • Part of subcall function 0041C048: GetObjectA.GDI32(?,00000018), ref: 0041C055
• GetFocus.USER32 ref: 0041C168
• GetDC.USER32(?), ref: 0041C174
• SelectPalette.GDI32(?,?,00000000), ref: 0041C195
• RealizePalette.GDI32(?), ref: 0041C1A1
• GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C1B8
• SelectPalette.GDI32(?,00000000,00000000), ref: 0041C1E0
• ReleaseDC.USER32(?,?), ref: 0041C1ED
Similarity
• API ID: Palette$Select$BitsFocusObjectRealizeRelease
APIs
• GetSystemMetrics.USER32(0000000E), ref: 00418C70
• GetSystemMetrics.USER32(0000000D), ref: 00418C78
• 6F532980.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C7E
  • Part of subcall function 004107F8: 6F52C400.COMCTL32(0049B628,000000FF,00000000,00418CAC,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 004107FC
• 6F59CB00.COMCTL32(0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418CCE
• 6F59C740.COMCTL32(00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00418CD9
• 6F59CB00.COMCTL32(0049B628,00000001,?,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000), ref: 00418CEC
• 6F530860.COMCTL32(0049B628,00418D0F,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E), ref: 00418D02
Similarity
• API ID: MetricsSystem$C400C740F530860F532980
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00483808), ref: 004837ED
Similarity
• API ID: CloseOpen
• String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
APIs
• GetDC.USER32(00000000), ref: 00495089
  • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
• SelectObject.GDI32(00000000,00000000), ref: 004950AB
• GetTextExtentPointA.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,00495629), ref: 004950BF
• GetTextMetricsA.GDI32(00000000,?), ref: 004950E1
• ReleaseDC.USER32(00000000,00000000), ref: 004950FE
Strings
• ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 004950B6
Similarity
• API ID: Text$CreateExtentFontIndirectMetricsObjectPointReleaseSelect
• String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
APIs
• SelectObject.GDI32(00000000,?), ref: 0041B470
• SelectObject.GDI32(?,00000000), ref: 0041B47F
• StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4AB
• SelectObject.GDI32(00000000,00000000), ref: 0041B4B9
• SelectObject.GDI32(?,00000000), ref: 0041B4C7
• DeleteDC.GDI32(00000000), ref: 0041B4D0
• DeleteDC.GDI32(?), ref: 0041B4D9
Similarity
• API ID: ObjectSelect$Delete$Stretch
APIs
• GetCursorPos.USER32 ref: 004233AF
• WindowFromPoint.USER32(?,?), ref: 004233BC
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004233CA
• GetCurrentThreadId.KERNEL32 ref: 004233D1
• SendMessageA.USER32(00000000,00000084,?,?), ref: 004233EA
• SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 00423401
• SetCursor.USER32(00000000), ref: 00423413
Similarity
• API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
APIs
• GetModuleHandleA.KERNEL32(user32.dll), ref: 00494EAC
• GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00494EB9
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00494EC6
Similarity
• API ID: AddressProc$HandleModule
• String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
APIs
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressInit), ref: 0045D4E1
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompress), ref: 0045D4F1
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressEnd), ref: 0045D501
                                                                                        Similarity
                                                                                        • API ID: AddressProc
                                                                                        • String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
                                                                                        • API String ID: 190572456-212574377
                                                                                        • Opcode ID: 0cec18ecd77b334d9913731d687bcbf118ffb91831bb9c9ad7683d7253c977df
                                                                                        • Instruction ID: f545bb075b74a91891c18b47f2e11744e93a99b0212facb5d31f4bd58d546edf
                                                                                        • Opcode Fuzzy Hash: 0cec18ecd77b334d9913731d687bcbf118ffb91831bb9c9ad7683d7253c977df
                                                                                        • Instruction Fuzzy Hash: 6EF0D0B0D01704EAE724DFB6ACC77363A959BA431AF14943B9A0D96263E678044DCF2D
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,00000004,00499934,0045703D,004573E0,00456F94,00000000,00000B06,00000000,00000000,00000001,00000000,00000002,00000000,00480DAC), ref: 0042EA35
                                                                                        • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EA3B
                                                                                        • InterlockedExchange.KERNEL32(0049B668,00000001), ref: 0042EA4C
                                                                                          • Part of subcall function 0042E9AC: GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA70,00000004,00499934,0045703D,004573E0,00456F94,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9C2
                                                                                          • Part of subcall function 0042E9AC: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C8
                                                                                          • Part of subcall function 0042E9AC: InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9D9
                                                                                        • ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,00000004,00499934,0045703D,004573E0,00456F94,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042EA60
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressExchangeHandleInterlockedModuleProc$ChangeFilterMessageWindow
                                                                                        • String ID: ChangeWindowMessageFilterEx$user32.dll
                                                                                        • API String ID: 142928637-2676053874
                                                                                        • Opcode ID: 2e6935975283b392abf6eb535232e6e33c7297ce4864da2c850d0b2669d54df9
                                                                                        • Instruction ID: 20967f7a279d57b19857f2ad39d34e10c6be6de8430a8d3efc5b40b14e24a4c3
                                                                                        • Opcode Fuzzy Hash: 2e6935975283b392abf6eb535232e6e33c7297ce4864da2c850d0b2669d54df9
                                                                                        • Instruction Fuzzy Hash: 99E092A1741B20EAEA10B7B67C86FAA2658EB1076DF500037F100A51F1C3BD1C80CE9E
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(oleacc.dll,?,0044F089), ref: 0044C7EB
                                                                                        • GetProcAddress.KERNEL32(00000000,LresultFromObject), ref: 0044C7FC
                                                                                        • GetProcAddress.KERNEL32(00000000,CreateStdAccessibleObject), ref: 0044C80C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                        • String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
                                                                                        • API String ID: 2238633743-1050967733
                                                                                        • Opcode ID: 580db4225bb49e0f2395934ae602c4dd6ca827d8c76c18c7318a842ee4a54372
                                                                                        • Instruction ID: d6497c9818d993b67a5702c7731996643d684f189bbd4b702b1f6e54e13363b7
                                                                                        • Opcode Fuzzy Hash: 580db4225bb49e0f2395934ae602c4dd6ca827d8c76c18c7318a842ee4a54372
                                                                                        • Instruction Fuzzy Hash: 50F0DA70282305CAE750BBB5FDD57263694E3A470AF18277BE841551A2C7B94844CB8C
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,?,00498794), ref: 00478746
                                                                                        • GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478753
                                                                                        • GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478763
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$HandleModule
                                                                                        • String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
                                                                                        • API String ID: 667068680-222143506
                                                                                        • Opcode ID: c231c6f2b70c156a9a87dd751a131f3597001cd76c60e66cfe2a3d12b45a0e7a
                                                                                        • Instruction ID: d9a2c3c187cd73cba94933972f30ec689a131e62bb2a59a557d4d9670201d7da
                                                                                        • Opcode Fuzzy Hash: c231c6f2b70c156a9a87dd751a131f3597001cd76c60e66cfe2a3d12b45a0e7a
                                                                                        • Instruction Fuzzy Hash: 79C0C9F02C0700EA9604B7F11CCBA7A2548C500729330803FB19EA6182D97C0C104A6C
                                                                                        APIs
                                                                                        • GetFocus.USER32 ref: 0041B745
                                                                                        • GetDC.USER32(?), ref: 0041B751
                                                                                        • SelectPalette.GDI32(00000000,?,00000000), ref: 0041B786
                                                                                        • RealizePalette.GDI32(00000000), ref: 0041B792
                                                                                        • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041B7C0
                                                                                        • SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041B7F4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Palette$Select$BitmapCreateFocusRealize
                                                                                        • String ID:
                                                                                        • API String ID: 3275473261-0
                                                                                        • Opcode ID: 9b17a45ebd00e155e5aeae17ac6cac102e8e00fd56b9a0d3692e3d2bf0971335
                                                                                        • Instruction ID: 38bdddf8d72f5571b31e8017bfcff87152bbfcb95d4f6cd7f9962c0a723fddb9
                                                                                        • Opcode Fuzzy Hash: 9b17a45ebd00e155e5aeae17ac6cac102e8e00fd56b9a0d3692e3d2bf0971335
                                                                                        • Instruction Fuzzy Hash: 8A512F70A002099FDF11DFA9C881AEEBBF9FF49704F104066F504A7791D7799981CBA9
                                                                                        APIs
                                                                                        • GetFocus.USER32 ref: 0041BA17
                                                                                        • GetDC.USER32(?), ref: 0041BA23
                                                                                        • SelectPalette.GDI32(00000000,?,00000000), ref: 0041BA5D
                                                                                        • RealizePalette.GDI32(00000000), ref: 0041BA69
                                                                                        • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BA8D
                                                                                        • SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041BAC1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Palette$Select$BitmapCreateFocusRealize
                                                                                        • String ID:
                                                                                        • API String ID: 3275473261-0
                                                                                        • Opcode ID: f1b656a7ede54f8d65f93cc35dc493626dae048aef23b352968a277fb398f08e
                                                                                        • Instruction ID: 3fcaffe560058c7771eaec6053d79e0e1924f360d52694d27862de55114c0f48
                                                                                        • Opcode Fuzzy Hash: f1b656a7ede54f8d65f93cc35dc493626dae048aef23b352968a277fb398f08e
                                                                                        • Instruction Fuzzy Hash: 9D512A74A002189FDB11DFA9C891AAEBBF9FF49700F154066F904EB751D738AD40CBA4
                                                                                        APIs
                                                                                        • GetFocus.USER32 ref: 0041B57E
                                                                                        • GetDC.USER32(?), ref: 0041B58A
                                                                                        • GetDeviceCaps.GDI32(?,00000068), ref: 0041B5A6
                                                                                        • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041B5C3
                                                                                        • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041B5DA
                                                                                        • ReleaseDC.USER32(?,?), ref: 0041B626
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: EntriesPaletteSystem$CapsDeviceFocusRelease
                                                                                        • String ID:
                                                                                        • API String ID: 2502006586-0
                                                                                        • Opcode ID: e956e6ae92597662ed98b2f51c6b506043ab8b509e5ceb21f610fa5f8f95298e
                                                                                        • Instruction ID: 1753bd22f5710d4f749a3cf2d8329d0f84e6490acb09e3fae29671003709e3a5
                                                                                        • Opcode Fuzzy Hash: e956e6ae92597662ed98b2f51c6b506043ab8b509e5ceb21f610fa5f8f95298e
                                                                                        • Instruction Fuzzy Hash: D0410631A04258AFDF10DFA9C885AAFBBB4EF59704F1484AAF500EB351D3389D51CBA5
                                                                                        APIs
                                                                                        • SetLastError.KERNEL32(00000057,00000000,0045CF68,?,?,?,?,00000000), ref: 0045CF07
                                                                                        • SetLastError.KERNEL32(00000000,00000002,?,?,?,0045CFD4,?,00000000,0045CF68,?,?,?,?,00000000), ref: 0045CF46
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast
                                                                                        • String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
                                                                                        • API String ID: 1452528299-1580325520
                                                                                        • Opcode ID: 1bdeb0a210bc513e3c49bf4cbd891cc1911c01b4b436513822a1df069e086b30
                                                                                        • Instruction ID: 452c5d812052531473411f8275c40b5c85b18bf76fc7955a310c39f58cd58d14
                                                                                        • Opcode Fuzzy Hash: 1bdeb0a210bc513e3c49bf4cbd891cc1911c01b4b436513822a1df069e086b30
                                                                                        • Instruction Fuzzy Hash: 3811A536204304AFD711DAA1C9C2A9EB69EDB44706F604037AD00A62C7D67C5F0AD52D
                                                                                        APIs
                                                                                        • GetSystemMetrics.USER32(0000000B), ref: 0041BDD5
                                                                                        • GetSystemMetrics.USER32(0000000C), ref: 0041BDDF
                                                                                        • GetDC.USER32(00000000), ref: 0041BDE9
                                                                                        • GetDeviceCaps.GDI32(00000000,0000000E), ref: 0041BE10
                                                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0041BE1D
                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0041BE56
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CapsDeviceMetricsSystem$Release
                                                                                        • String ID:
                                                                                        • API String ID: 447804332-0
                                                                                        • Opcode ID: 3bdc6123dd6674b0137b7fef1a93c0b96d54f33e4692062cf67464f69f8f60e7
                                                                                        • Instruction ID: d5b995c8e3894394b735eabd433659eae54025482fea58e306a85006fdca5b97
                                                                                        • Opcode Fuzzy Hash: 3bdc6123dd6674b0137b7fef1a93c0b96d54f33e4692062cf67464f69f8f60e7
                                                                                        • Instruction Fuzzy Hash: E5212A74E04648AFEB00EFA9C941BEEB7B4EB48714F10846AF514B7690D7785940CB69
                                                                                        APIs
                                                                                        • GetWindowLongA.USER32(?,000000EC), ref: 0047E24A
                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,0046CBBD), ref: 0047E270
                                                                                        • GetWindowLongA.USER32(?,000000EC), ref: 0047E280
                                                                                        • SetWindowLongA.USER32(?,000000EC,00000000), ref: 0047E2A1
                                                                                        • ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 0047E2B5
                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 0047E2D1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Long$Show
                                                                                        • String ID:
                                                                                        • API String ID: 3609083571-0
                                                                                        • Opcode ID: b4e19ff4e98ab52ecda950bfdcb646100cf30b97dd598c6192f2cb622b5c4e11
                                                                                        • Instruction ID: c2beb8629b08809d81cb9269d2d7eee694fde7899d985d279cae8c77c91b058d
                                                                                        • Opcode Fuzzy Hash: b4e19ff4e98ab52ecda950bfdcb646100cf30b97dd598c6192f2cb622b5c4e11
                                                                                        • Instruction Fuzzy Hash: A40140B1641210ABE610D769DE41F2237DCAB0C360F0907A6BA44EF3E3C728E8408B49
                                                                                        APIs
                                                                                          • Part of subcall function 0041A6E0: CreateBrushIndirect.GDI32 ref: 0041A74B
                                                                                        • UnrealizeObject.GDI32(00000000), ref: 0041B27C
                                                                                        • SelectObject.GDI32(?,00000000), ref: 0041B28E
                                                                                        • SetBkColor.GDI32(?,00000000), ref: 0041B2B1
                                                                                        • SetBkMode.GDI32(?,00000002), ref: 0041B2BC
                                                                                        • SetBkColor.GDI32(?,00000000), ref: 0041B2D7
                                                                                        • SetBkMode.GDI32(?,00000001), ref: 0041B2E2
                                                                                          • Part of subcall function 0041A058: GetSysColor.USER32(?), ref: 0041A062
                                                                                        Similarity
                                                                                        • API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
                                                                                        • String ID:
                                                                                        • API String ID: 3527656728-0
                                                                                        • Opcode ID: 90af7722afa79acc590a6ee3060039fb524340e2cf7ce152cccbdcb584e8dbde
                                                                                        • Instruction ID: d03b18a2b949c207061bd18b8e5d47ed8ce294e6be165222704fda36eef26a4f
                                                                                        • Opcode Fuzzy Hash: 90af7722afa79acc590a6ee3060039fb524340e2cf7ce152cccbdcb584e8dbde
                                                                                        • Instruction Fuzzy Hash: 56F0CD756015009BDE00FFAAD9CBE4B3B989F043097048496B908DF187CA3CD8649B3A
                                                                                        APIs
                                                                                          • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                        • ShowWindow.USER32(?,00000005,00000000,00497B31,?,?,00000000), ref: 00497902
                                                                                          • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                          • Part of subcall function 004072A8: SetCurrentDirectoryA.KERNEL32(00000000,?,0049792A,00000000,00497AFD,?,?,00000005,00000000,00497B31,?,?,00000000), ref: 004072B3
                                                                                          • Part of subcall function 0042D44C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4DA,?,?,?,00000001,?,0045607E,00000000,004560E6), ref: 0042D481
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
                                                                                        • String ID: .dat$.msg$IMsg$Uninstall
                                                                                        • API String ID: 3312786188-1660910688
                                                                                        • Opcode ID: 7512cdbd572c9146c7922e267a2e3ec6043e3c2241cd3ad81f3df178027fada8
                                                                                        • Instruction ID: 79fbc7277211ce2bf855d188aeb365c1f4e20c687b9dac3c04c4e1571c34c8ae
                                                                                        • Opcode Fuzzy Hash: 7512cdbd572c9146c7922e267a2e3ec6043e3c2241cd3ad81f3df178027fada8
                                                                                        • Instruction Fuzzy Hash: 44315E34A10214AFDB01EB65DC92D5E7B75FB89718B91847AF400AB392DB38BD018B58
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 0042EADA
                                                                                        • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EAE0
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,user32.dll,ShutdownBlockReasonCreate), ref: 0042EB09
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AddressByteCharHandleModuleMultiProcWide
                                                                                        • String ID: ShutdownBlockReasonCreate$user32.dll
                                                                                        • API String ID: 828529508-2866557904
                                                                                        • Opcode ID: dc376cfddf31d7f2fdf241a02509d8c694355095d88693d0378826b1ee5e642a
                                                                                        • Instruction ID: 7e091cf0cf0c4dae12ae48626bdfb721f4796128e550bb25d34418d77cfbcdd5
                                                                                        • Opcode Fuzzy Hash: dc376cfddf31d7f2fdf241a02509d8c694355095d88693d0378826b1ee5e642a
                                                                                        • Instruction Fuzzy Hash: 70F0C8D034061136E620B57F5C82F7B598C8F94759F140436B109E62C2D96CA905426E
                                                                                        APIs
                                                                                        • MsgWaitForMultipleObjects.USER32(00000001,00000001,00000000,000000FF,000000FF), ref: 00457E78
                                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 00457E99
                                                                                        • CloseHandle.KERNEL32(?,00457ECC), ref: 00457EBF
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: CloseCodeExitHandleMultipleObjectsProcessWait
                                                                                        • String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
                                                                                        • API String ID: 2573145106-3235461205
                                                                                        • Opcode ID: 1ea0d3176aedc3e092b8d1903486a3d6a13cecd7bb31937a8215cd8aa9781b6e
                                                                                        • Instruction ID: b72ead612c96ea1451a2df619a1119c508d9f8e19ef45bb7a80fe0c677849c01
                                                                                        • Opcode Fuzzy Hash: 1ea0d3176aedc3e092b8d1903486a3d6a13cecd7bb31937a8215cd8aa9781b6e
                                                                                        • Instruction Fuzzy Hash: DA01A235608304AFD711EBA9AC06A1A73A8EB49715F2040B6FC10E73D3D6389E04861D
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA70,00000004,00499934,0045703D,004573E0,00456F94,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9C2
                                                                                        • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C8
                                                                                        • InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9D9
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AddressExchangeHandleInterlockedModuleProc
                                                                                        • String ID: ChangeWindowMessageFilter$user32.dll
                                                                                        • API String ID: 3478007392-2498399450
                                                                                        • Opcode ID: 3254194633b527647525dea76c004eb0f33bc99a9c522dc813bf1be520244ffe
                                                                                        • Instruction ID: c922fa4e85abb1c6873f36dcd01b6443d81c66d6c3501223796626af46e79b09
                                                                                        • Opcode Fuzzy Hash: 3254194633b527647525dea76c004eb0f33bc99a9c522dc813bf1be520244ffe
                                                                                        • Instruction Fuzzy Hash: 5CE0ECB2740324EADA103B627E8AF663558E724B19F50043BF001751F1C7FD1C80CA9E
                                                                                        APIs
                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 004776BC
                                                                                        • GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,004777B3,0049C0A4,00000000), ref: 004776CF
                                                                                        • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004776D5
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProcProcessThreadWindow
                                                                                        • String ID: AllowSetForegroundWindow$user32.dll
                                                                                        • API String ID: 1782028327-3855017861
                                                                                        • Opcode ID: 79b78db4dd9cdf85c2be20cd47b0727ffde78e70408e3af60258cd37bb1d66b3
                                                                                        • Instruction ID: ee14923c72d036b6004e6d5d181e2ae3dde99fc96f584ef82141a9a0fe8b283c
                                                                                        • Opcode Fuzzy Hash: 79b78db4dd9cdf85c2be20cd47b0727ffde78e70408e3af60258cd37bb1d66b3
                                                                                        • Instruction Fuzzy Hash: 99D0C7D0249B02AAD910B3F94D47FAF365CA954768794C47B7404E218DDABCDC00D93D
                                                                                        APIs
                                                                                        • BeginPaint.USER32(00000000,?), ref: 00416C52
                                                                                        • SaveDC.GDI32(?), ref: 00416C83
                                                                                        • ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00416D45), ref: 00416CE4
                                                                                        • RestoreDC.GDI32(?,?), ref: 00416D0B
                                                                                        • EndPaint.USER32(00000000,?,00416D4C,00000000,00416D45), ref: 00416D3F
                                                                                        Similarity
                                                                                        • API ID: Paint$BeginClipExcludeRectRestoreSave
                                                                                        • String ID:
                                                                                        • API String ID: 3808407030-0
                                                                                        • Opcode ID: ad781fe6fb59047a66b80eb53a3f65b2019eba16d1c733f202b60e39d660354f
                                                                                        • Instruction ID: 8164e3b37c2b38cc39b91ef4074089abf19b8963c3e0e5cbd12a4ce3d65b1abe
                                                                                        • Opcode Fuzzy Hash: ad781fe6fb59047a66b80eb53a3f65b2019eba16d1c733f202b60e39d660354f
                                                                                        • Instruction Fuzzy Hash: A1415070A002049FCB14DBA9C585FAA77F9FF48304F1540AEE8459B362D778DD81CB58
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b6913cb722474124f75cff2ee5949f067bbdde1b56a592e148b6496e85af3d5a
                                                                                        • Instruction ID: a833d86c80f2fb81cba799e3b93fc1891ddf3ebdd98a67124a25423b7ab76754
                                                                                        • Opcode Fuzzy Hash: b6913cb722474124f75cff2ee5949f067bbdde1b56a592e148b6496e85af3d5a
                                                                                        • Instruction Fuzzy Hash: 563132746057809FC320EF69C984B9BB7E8AF89354F04491EF9D5C3752C638E8818F19
                                                                                        APIs
                                                                                        • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429808
                                                                                        • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429837
                                                                                        • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 00429853
                                                                                        • SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 0042987E
                                                                                        • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 0042989C
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• GetSystemMetrics.USER32(0000000B), ref: 0041BBCA
• GetSystemMetrics.USER32(0000000C), ref: 0041BBD4
• GetDC.USER32(00000000), ref: 0041BC12
• CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BC59
• DeleteObject.GDI32(00000000), ref: 0041BC9A
Similarity
• API ID: MetricsSystem$BitmapCreateDeleteObject
• String ID:
• API String ID: 1095203571-0
APIs
  • Part of subcall function 0045CE9C: SetLastError.KERNEL32(00000057,00000000,0045CF68,?,?,?,?,00000000), ref: 0045CF07
• GetLastError.KERNEL32(00000000,00000000,00000000,00473520,?,?,0049C1DC,00000000), ref: 004734D9
• GetLastError.KERNEL32(00000000,00000000,00000000,00473520,?,?,0049C1DC,00000000), ref: 004734EF
Strings
• Could not set permissions on the registry key because it currently does not exist., xrefs: 004734E3
• Setting permissions on registry key: %s\%s, xrefs: 0047349E
• Failed to set permissions on registry key (%d)., xrefs: 00473500
Similarity
• API ID: ErrorLast
• String ID: Could not set permissions on the registry key because it currently does not exist.$Failed to set permissions on registry key (%d).$Setting permissions on registry key: %s\%s
• API String ID: 1452528299-4018462623
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
• SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403CFC
• SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403D06
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403D15
Similarity
• API ID: ByteCharMultiWide$AllocString
• String ID:
• API String ID: 262959230-0
APIs
• SelectPalette.GDI32(00000000,00000000,00000000), ref: 00414419
• RealizePalette.GDI32(00000000), ref: 00414421
• SelectPalette.GDI32(00000000,00000000,00000001), ref: 00414435
• RealizePalette.GDI32(00000000), ref: 0041443B
• ReleaseDC.USER32(00000000,00000000), ref: 00414446
Similarity
• API ID: Palette$RealizeSelect$Release
• String ID:
• API String ID: 2261976640-0
APIs
  • Part of subcall function 0041F074: GetActiveWindow.USER32 ref: 0041F077
  • Part of subcall function 0041F074: GetCurrentThreadId.KERNEL32 ref: 0041F08C
  • Part of subcall function 0041F074: EnumThreadWindows.USER32(00000000,Function_0001F050), ref: 0041F092
  • Part of subcall function 004231A8: GetSystemMetrics.USER32(00000000), ref: 004231AA
• OffsetRect.USER32(?,?,?), ref: 00424DC9
• DrawTextA.USER32(00000000,00000000,000000FF,?,00000C10), ref: 00424E8C
• OffsetRect.USER32(?,?,?), ref: 00424E9D
  • Part of subcall function 00423564: GetCurrentThreadId.KERNEL32 ref: 00423579
  • Part of subcall function 00423564: SetWindowsHookExA.USER32(00000003,00423520,00000000,00000000), ref: 00423589
  • Part of subcall function 00423564: CreateThread.KERNEL32(00000000,000003E8,004234D0,00000000,00000000), ref: 004235AD
  • Part of subcall function 00424B2C: SetTimer.USER32(00000000,00000001,?,004234B4), ref: 00424B47
Similarity
• API ID: Thread$CurrentOffsetRectWindows$ActiveCreateDrawEnumHookMetricsSystemTextTimerWindow
• String ID: vLB
• API String ID: 1477829881-1797516613
APIs
• WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 00407003
• WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 0040707D
• WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 004070D5
Similarity
• API ID: Enum$NameOpenResourceUniversal
• String ID: Z
• API String ID: 3604996873-1505515367
APIs
• SetRectEmpty.USER32(?), ref: 0044D04E
• DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044D079
• DrawTextA.USER32(00000000,00000000,00000000,00000000,00000800), ref: 0044D101
Similarity
• API ID: DrawText$EmptyRect
• String ID:
• API String ID: 182455014-2867612384
APIs
• GetDC.USER32(00000000), ref: 0042EF9E
  • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
• SelectObject.GDI32(?,00000000), ref: 0042EFC1
• ReleaseDC.USER32(00000000,?), ref: 0042F0A0
Similarity
• API ID: CreateFontIndirectObjectReleaseSelect
• String ID: ...\
• API String ID: 3133960002-983595016
                                                                                        • Opcode ID: 65766ae35a5ff9b042dd79c87bacb89811e544568082cefb05445997e7e8f61e
                                                                                        • Instruction ID: de545d42c11d103cbad381cc3223c2b5efa9fdb4a6e9ae4bb0445229962d8c70
                                                                                        • Opcode Fuzzy Hash: 65766ae35a5ff9b042dd79c87bacb89811e544568082cefb05445997e7e8f61e
                                                                                        • Instruction Fuzzy Hash: 5A316370B00128AFDB11EB96D841BAEB7F8EB09348F90447BE410A7392D7785E49CA59
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00496991,_iu,?,00000000,004539F6), ref: 004539AB
                                                                                        • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00496991,_iu,?,00000000,004539F6), ref: 004539BB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateFileHandle
                                                                                        • String ID: .tmp$_iu
                                                                                        • API String ID: 3498533004-10593223
                                                                                        • Opcode ID: 1bf85a80132bbff87a9a827a47fd0c4a75e2f830b03f5f12b130a42208c1e1fd
                                                                                        • Instruction ID: c819285d1904897ee35e15112b57b1097950df4cd651dd5525fdc5768647a91e
                                                                                        • Opcode Fuzzy Hash: 1bf85a80132bbff87a9a827a47fd0c4a75e2f830b03f5f12b130a42208c1e1fd
                                                                                        • Instruction Fuzzy Hash: 6531C5B0A00249ABCB11EFA5D842B9EBBB4AF44345F20453AF810B73C2D7785F058B69
                                                                                        APIs
                                                                                        • GetClassInfoA.USER32(00400000,?,?), ref: 0041647F
                                                                                        • UnregisterClassA.USER32(?,00400000), ref: 004164AB
                                                                                        • RegisterClassA.USER32(?), ref: 004164CE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Class$InfoRegisterUnregister
                                                                                        • String ID: @
                                                                                        • API String ID: 3749476976-2766056989
                                                                                        • Opcode ID: 32c7bff64fe8078beb5c73cee1a3f36bf3645a98757bc26b4be27a2261280048
                                                                                        • Instruction ID: c77080f262680b7bd3c4c6a37e0a11d074b1995aa9dd52ebf92fb76dd285a693
                                                                                        • Opcode Fuzzy Hash: 32c7bff64fe8078beb5c73cee1a3f36bf3645a98757bc26b4be27a2261280048
                                                                                        • Instruction Fuzzy Hash: B8316D702042409BD720EF69C981B9B77E5AB89308F04457FF949DB392DB39DD44CB6A
                                                                                        APIs
                                                                                        • GetFileAttributesA.KERNEL32(00000000,004986D0,00000000,00497E76,?,?,00000000,0049B628), ref: 00497DF0
                                                                                        • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,004986D0,00000000,00497E76,?,?,00000000,0049B628), ref: 00497E19
                                                                                        • MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 00497E32
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Attributes$Move
                                                                                        • String ID: isRS-%.3u.tmp
                                                                                        • API String ID: 3839737484-3657609586
                                                                                        • Opcode ID: c8ffd91a69648c323ebec4846a0c95b9f63ed5ce66c8394ab64ce5c1dd8b2d9f
                                                                                        • Instruction ID: d3b1e0af9bc01606b4acbc4251c5ccfb03fd27bd09466a3f7c53cc9bc4e4fae9
                                                                                        • Opcode Fuzzy Hash: c8ffd91a69648c323ebec4846a0c95b9f63ed5ce66c8394ab64ce5c1dd8b2d9f
                                                                                        • Instruction Fuzzy Hash: F5214F71E14219AFCF11EFA9C881AAFBBB8EF44714F10457BB814B72D1D6389E018B59
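The record above lists the call chain GetFileAttributesA, SetFileAttributesA, MoveFileExA with MOVEFILE_REPLACE_EXISTING, together with the format string isRS-%.3u.tmp. The Python below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses the report's "APIs" bullet format (call name, module, argument list with symbolic flag decorations, call-site address, and the "Part of subcall function" prefix) and the "String ID" field into structured data, so a function's API profile can be searched or compared across reports. The sample record is constructed from lines on this page; the replace-existing-file check at the end is an illustrative triage heuristic belonging to this example, not a classification the report itself makes.

```python
"""Added example: parse one Joe Sandbox function record ("APIs" bullets and
"String ID") into structured call data. Not part of the report; the sample
record is constructed from lines shown on this page."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: bullets and indentation as the report renders them.
SAMPLE_RECORD = """\
APIs
• GetFileAttributesA.KERNEL32(00000000,004986D0,00000000,00497E76,?,?,00000000,0049B628), ref: 00497DF0
• SetFileAttributesA.KERNEL32(00000000,00000000,00000000,004986D0,00000000,00497E76,?,?,00000000,0049B628), ref: 00497E19
• MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 00497E32
  • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
• ExitProcess.KERNEL32 ref: 00404E0D
Similarity
• API ID: File$Attributes$Move
• String ID: isRS-%.3u.tmp
"""

# One call line: optional "Part of subcall function <addr>: " prefix, Api.Module,
# optional "(args)" (an argument may carry its own "(SYMBOL)" decoration), then ", ref: <addr>".
_CALL_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?"
    r",? ref: (?P<ref>[0-9A-Fa-f]{8})$"
)
_FLAG_RE = re.compile(r"^([0-9A-Fa-f]{8})\((\w+)\)$")  # e.g. 00000001(MOVEFILE_REPLACE_EXISTING)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: int                          # address of the call site
    subcall_of: Optional[int] = None  # set when the call lives in a callee, not in this function

    def flag_names(self) -> List[str]:
        """Symbolic names the report attached to numeric arguments."""
        return [m.group(2) for a in self.args if (m := _FLAG_RE.match(a))]


def parse_call_line(line: str) -> Optional[ApiCall]:
    """Parse one "• Api.Module(args), ref: addr" bullet; None for any other line."""
    text = line.strip().lstrip("•").strip()
    m = _CALL_RE.match(text)
    if not m:
        return None
    raw = m.group("args")
    args = raw.split(",") if raw else []
    sub = m.group("sub")
    return ApiCall(m.group("api"), m.group("module"), args,
                   int(m.group("ref"), 16), int(sub, 16) if sub else None)


def parse_record(text: str) -> dict:
    """Return {'calls': [ApiCall, ...], 'strings': [...]} for one function record.
    The String ID field joins several strings with '$'; a literal '$' inside a
    string cannot be told apart from the separator, so the split is best effort."""
    calls, strings = [], []
    for line in text.splitlines():
        bare = line.strip().lstrip("•").strip()
        if bare.startswith("String ID: "):
            strings.extend(bare[len("String ID: "):].split("$"))
            continue
        call = parse_call_line(line)
        if call:
            calls.append(call)
    return {"calls": calls, "strings": strings}


def replaces_existing_file(calls: List[ApiCall]) -> bool:
    """Illustrative triage heuristic (an assumption of this example, not a report
    feature): SetFileAttributes followed, in the function itself, by MoveFileEx
    with MOVEFILE_REPLACE_EXISTING, i.e. the clear-attributes-then-overwrite pattern."""
    seen_setattr = False
    for c in calls:
        if c.subcall_of is not None:
            continue
        if c.api.startswith("SetFileAttributes"):
            seen_setattr = True
        elif seen_setattr and c.api.startswith("MoveFileEx") \
                and "MOVEFILE_REPLACE_EXISTING" in c.flag_names():
            return True
    return False


if __name__ == "__main__":
    rec = parse_record(SAMPLE_RECORD)
    for c in rec["calls"]:
        where = f" (via sub_{c.subcall_of:08X})" if c.subcall_of is not None else ""
        print(f"{c.ref:08X} {c.module}!{c.api}{c.args}{where}")
    print("strings:", rec["strings"])
    print("replace-existing pattern:", replaces_existing_file(rec["calls"]))
```

Running the file prints each call with its call-site address, marks calls that the report attributes to a subcall, and reports whether the replace-existing pattern was seen; feeding the "APIs" and "Similarity" lines of any other record on this page into parse_record gives the same structure.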
                                                                                        APIs
                                                                                        • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404DC5
                                                                                        • ExitProcess.KERNEL32 ref: 00404E0D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExitMessageProcess
                                                                                        • String ID: Error$Runtime error at 00000000
                                                                                        • API String ID: 1220098344-2970929446
                                                                                        • Opcode ID: 4aa0907dffceb0697d192a833af99b379258e6819ee5eddde657f3822e72bbb6
                                                                                        • Instruction ID: e2df0dcbf1ce8e07228a8ae3c957e3f7be2bf5582065763199918d440bd3f461
                                                                                        • Opcode Fuzzy Hash: 4aa0907dffceb0697d192a833af99b379258e6819ee5eddde657f3822e72bbb6
                                                                                        • Instruction Fuzzy Hash: 8E219560A442414ADB11A779BA8571B3B91D7E5348F04817BE710A73E3C77C8C4487ED
                                                                                        APIs
                                                                                          • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
                                                                                          • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                                          • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                                        • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00456A9C
                                                                                        • RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00456AC9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Type$AllocByteCharFullLoadMultiNamePathRegisterStringWide
                                                                                        • String ID: LoadTypeLib$RegisterTypeLib
                                                                                        • API String ID: 1312246647-2435364021
                                                                                        • Opcode ID: c06c5e8b46d4cc008794e6ef7648282b6775267df5f2c1a0af32ed40ef5fa1a3
                                                                                        • Instruction ID: f320f84dc8d434ac547319b1f88b10c46afed2bb2b034f8a1d5164c41c1038b2
                                                                                        • Opcode Fuzzy Hash: c06c5e8b46d4cc008794e6ef7648282b6775267df5f2c1a0af32ed40ef5fa1a3
                                                                                        • Instruction Fuzzy Hash: CE118430B00604AFDB11DFA6CD55A5AB7BDEB89705F518476FD04D3652DA389E04CA14
                                                                                        APIs
                                                                                        • SendMessageA.USER32(00000000,00000B06,00000000,00000000), ref: 00456FBA
                                                                                        • SendMessageA.USER32(00000000,00000B00,00000000,00000000), ref: 00457057
                                                                                        Strings
                                                                                        • Failed to create DebugClientWnd, xrefs: 00457020
                                                                                        • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 00456FE6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd
                                                                                        • API String ID: 3850602802-3720027226
                                                                                        • Opcode ID: 6dc4dd13ffff63052e532ec2970cf3a172fdf6ef35738a55e650b02f86b7c4d3
                                                                                        • Instruction ID: 7b454b92cb1dfb233f50f2560aabdc39b6abe04e8f027f2194e5078dec578530
                                                                                        • Opcode Fuzzy Hash: 6dc4dd13ffff63052e532ec2970cf3a172fdf6ef35738a55e650b02f86b7c4d3
                                                                                        • Instruction Fuzzy Hash: 571127706083409BE310ABA8DC81B5FBBD89B14719F01403AFE849B3C3D7795818C7AE
                                                                                        APIs
                                                                                          • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                        • GetFocus.USER32 ref: 00478277
                                                                                        • GetKeyState.USER32(0000007A), ref: 00478289
                                                                                        • WaitMessage.USER32(?,00000000,004782B0,?,00000000,004782D7,?,?,00000001,00000000,?,?,?,0047FEE6,00000000,00480DAC), ref: 00478293
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: FocusMessageStateTextWaitWindow
                                                                                        • String ID: Wnd=$%x
                                                                                        • API String ID: 1381870634-2927251529
                                                                                        • Opcode ID: f1958697a4901136eb243dbe20eb39cbb326672f79de8de72c1a435ff1b0447b
                                                                                        • Instruction ID: 17992b3effc84475d262d1a309b63da61542e22f0e105337c9737e95fd9359ad
                                                                                        • Opcode Fuzzy Hash: f1958697a4901136eb243dbe20eb39cbb326672f79de8de72c1a435ff1b0447b
                                                                                        • Instruction Fuzzy Hash: B811A730644644AFC701FF65DC5999E7BB8EB49304F9184FAF408E7692DB386900CA69
                                                                                        APIs
                                                                                        • FileTimeToLocalFileTime.KERNEL32(?), ref: 0046E48C
                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 0046E49B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Time$File$LocalSystem
                                                                                        • String ID: %.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u$(invalid)
                                                                                        • API String ID: 1748579591-1013271723
                                                                                        • Opcode ID: 2c82eb517319c4feb0678a2222fa1caa0c7cc9d70da35f771929cd42352f02e5
                                                                                        • Instruction ID: a22b2a007e2cf2d6de8f80eb00497e2bff53ee2dc74e74251f844a221e221b1c
                                                                                        • Opcode Fuzzy Hash: 2c82eb517319c4feb0678a2222fa1caa0c7cc9d70da35f771929cd42352f02e5
                                                                                        • Instruction Fuzzy Hash: 3711F8A440C3919ED340DF6AC44432BBAE4AB89708F44496EF9C8D6381E77AC948DB67
                                                                                        APIs
                                                                                        • SetFileAttributesA.KERNEL32(00000000,00000020), ref: 00453F83
                                                                                          • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,00498261,00000000,004982B6,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                                                        • MoveFileA.KERNEL32(00000000,00000000), ref: 00453FA8
                                                                                          • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15,00000000), ref: 0045349F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$AttributesDeleteErrorLastMove
                                                                                        • String ID: DeleteFile$MoveFile
                                                                                        • API String ID: 3024442154-139070271
                                                                                        • Opcode ID: 75fc53fd0ddaa48128ef6cce4dae119495c42920ad3f5386662393d2e6d8c133
                                                                                        • Instruction ID: b5871bee3d194af1fa843ac656f6d820fc0ba16d57580c91db5694710367c43f
                                                                                        • Opcode Fuzzy Hash: 75fc53fd0ddaa48128ef6cce4dae119495c42920ad3f5386662393d2e6d8c133
                                                                                        • Instruction Fuzzy Hash: AEF062716142045BD701FBA2D84266EA7ECDB8435EF60443BB900BB6C3DA3C9E094529
                                                                                        APIs
                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004592F1,00000000,004594A9,?,00000000,00000000,00000000), ref: 00459201
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpen
                                                                                        • String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
                                                                                        • API String ID: 47109696-2631785700
                                                                                        • Opcode ID: 7bfc696592b003d8a6b238063e783ff3189b4dca7eb8d211325608debd19b0e7
                                                                                        • Instruction ID: d749d17306166952b18a3f7a40743e5d4d539800c31903ae925bcb827c574b5e
                                                                                        • Opcode Fuzzy Hash: 7bfc696592b003d8a6b238063e783ff3189b4dca7eb8d211325608debd19b0e7
                                                                                        • Instruction Fuzzy Hash: EEF0C231700150EBCB10EB9AD895B4E7398DB95356F50453BF980CB263C63CCC0ACA6E
                                                                                        APIs
                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                        • RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 004836E9
                                                                                        • RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 0048370C
                                                                                        Strings
                                                                                        • System\CurrentControlSet\Control\Windows, xrefs: 004836B6
                                                                                        • CSDVersion, xrefs: 004836E0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpenQueryValue
                                                                                        • String ID: CSDVersion$System\CurrentControlSet\Control\Windows
                                                                                        • API String ID: 3677997916-1910633163
                                                                                        • Opcode ID: b08de6e064ab0066fdf25e92b32557c09a13beb56fb99f55e24ba5929372f4fd
                                                                                        • Instruction ID: e2e1efa57e06e253ed5c33608a99233e6d60fcd3e82f395225068b7938859aaf
                                                                                        • Opcode Fuzzy Hash: b08de6e064ab0066fdf25e92b32557c09a13beb56fb99f55e24ba5929372f4fd
                                                                                        • Instruction Fuzzy Hash: 07F036F5A40209B6DF10EBD1CC45B9F77FC9B04B05F108567E910E7280E678DB048B59
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B5A,00000000,00453BFD,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FED,00000000), ref: 0042D90A
                                                                                        • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D910
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: GetSystemWow64DirectoryA$kernel32.dll
                                                                                        • API String ID: 1646373207-4063490227
                                                                                        • Opcode ID: 3965e48138ab8598cb17ff311cd558fd433aca8a834515e354a81fb776e31baf
                                                                                        • Instruction ID: 657275fb9dfacbe144619f02b172540cf2f0c5a6f4252bec6bd03a25d2dd35a2
                                                                                        • Opcode Fuzzy Hash: 3965e48138ab8598cb17ff311cd558fd433aca8a834515e354a81fb776e31baf
                                                                                        • Instruction Fuzzy Hash: A5E0DFE0B40B0122D70032BA1C82B6B108D4B84728F90053B3894E62D6DDBCD9840A6D
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,00000000,0042EAD0), ref: 0042EB62
                                                                                        • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EB68
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: ShutdownBlockReasonDestroy$user32.dll
                                                                                        • API String ID: 1646373207-260599015
                                                                                        • Opcode ID: 88ce12e330a2fc51ece58c284b54de3a76b504cb94a4c995bd1a3fb2c6ea0693
                                                                                        • Instruction ID: e1ec077e445c8734ae54db5ffdd633522f5c412f0b7fee52e54de0d29bb4c321
                                                                                        • Opcode Fuzzy Hash: 88ce12e330a2fc51ece58c284b54de3a76b504cb94a4c995bd1a3fb2c6ea0693
                                                                                        • Instruction Fuzzy Hash: A2D0C793311732665D10B1F73CD1EAB058C891527935404B7F515E5641D55DEC1115AD
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00498762), ref: 0044F77F
                                                                                        • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: NotifyWinEvent$user32.dll
                                                                                        • API String ID: 1646373207-597752486
                                                                                        • Opcode ID: f97c3de5cacafbf63d36e16939e29d51eb7e912e87a0fb2b79f6fc39cd446e20
                                                                                        • Instruction ID: 5e946f17392c81a4f172a46fe169fb9a1f72c9003761a5edf28bd31acc2f1150
                                                                                        • Opcode Fuzzy Hash: f97c3de5cacafbf63d36e16939e29d51eb7e912e87a0fb2b79f6fc39cd446e20
                                                                                        • Instruction Fuzzy Hash: 59E012F0E417049AFF00BBB57B86B1A3A90E764719B00057FF414A6292DB7C481C4F9D
                                                                                        APIs
                                                                                        • GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,004987B8,00000001,00000000,004987DC), ref: 004984E2
                                                                                        • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004984E8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressHandleModuleProc
                                                                                        • String ID: DisableProcessWindowsGhosting$user32.dll
                                                                                        • API String ID: 1646373207-834958232
                                                                                        • Opcode ID: 0a6869f336692cffb72a3d37b5043cace6ddfe1b26e102b83d1b95de8ab3ca94
                                                                                        • Instruction ID: 53974a48addda20669242eeec291eced9f9b3ea586a0102388b68221815f3be9
                                                                                        • Opcode Fuzzy Hash: 0a6869f336692cffb72a3d37b5043cace6ddfe1b26e102b83d1b95de8ab3ca94
                                                                                        • Instruction Fuzzy Hash: 8EB092C0280703689C8032BA0C02F1F08484C4272CB10003F3810A40C7ED6CDC00083D
                                                                                        APIs
                                                                                          • Part of subcall function 0044B658: LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00498762), ref: 0044B67F
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B697
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A9
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6BB
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6CD
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6DF
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6F1
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B703
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B715
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B727
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B739
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B74B
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B75D
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B76F
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B781
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B793
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7A5
                                                                                          • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7B7
                                                                                        • LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,0049878A), ref: 00464477
                                                                                        • GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 0046447D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                        • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                                        • API String ID: 2238633743-2683653824
                                                                                        • Opcode ID: 43e9449c42c64eafa185df201a3e78782dc27b2a49daecccd0491a4bbbb3dbf6
                                                                                        • Instruction ID: aee408708d02c77079155b2370532760acd370d0883c3ae68736bebce920fed0
                                                                                        • Opcode Fuzzy Hash: 43e9449c42c64eafa185df201a3e78782dc27b2a49daecccd0491a4bbbb3dbf6
                                                                                        • Instruction Fuzzy Hash: 73B09290681740A8CA007BB2289BB0F2A4894B072E7A2463B7008710C6EF7C84204A6E
                                                                                        APIs
                                                                                        • FindNextFileA.KERNEL32(000000FF,?,00000000,0047D2E0,?,?,?,?,00000000,0047D435,?,?,?,00000000,?,0047D544), ref: 0047D2BC
                                                                                        • FindClose.KERNEL32(000000FF,0047D2E7,0047D2E0,?,?,?,?,00000000,0047D435,?,?,?,00000000,?,0047D544,00000000), ref: 0047D2DA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                         • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$CloseFileNext
                                                                                        • String ID:
                                                                                        • API String ID: 2066263336-0
                                                                                        • Opcode ID: 1bb33653f71372efa694325d8d6b641fbfb84b71fff8fb7ce2a7bf965ad77fdb
                                                                                        • Instruction ID: 813c4c7e096b0537259228c6ce98783779beb739e450e2ccca0bb42f0b61749a
                                                                                        • Opcode Fuzzy Hash: 1bb33653f71372efa694325d8d6b641fbfb84b71fff8fb7ce2a7bf965ad77fdb
                                                                                        • Instruction Fuzzy Hash: 6A813B30D0024D9FDF11DFA5C845ADFBBB9EF49304F5080EAE808A3292D639AA46CF55
                                                                                        APIs
                                                                                          • Part of subcall function 0042EE30: GetTickCount.KERNEL32 ref: 0042EE36
                                                                                          • Part of subcall function 0042EC88: MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0042ECBD
                                                                                        • GetLastError.KERNEL32(00000000,00475595,?,?,0049C1DC,00000000), ref: 0047547E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CountErrorFileLastMoveTick
                                                                                        • String ID: $LoggedMsgBox returned an unexpected value. Assuming Cancel.$MoveFileEx
                                                                                        • API String ID: 2406187244-2685451598
                                                                                        • Opcode ID: c178663150e68b17ede051a88a8c0b8e52ebf449323b5d146d45458d51117132
                                                                                        • Instruction ID: cb6e190203de8706f01eb9277cb95c8d8a5d25c2e0fbb05709c61410d89611bd
                                                                                        • Opcode Fuzzy Hash: c178663150e68b17ede051a88a8c0b8e52ebf449323b5d146d45458d51117132
                                                                                        • Instruction Fuzzy Hash: 9E41B770A006099BCB10EFA5D882AEE77B5EF48314F608537E404BB355D7789A418BAD
                                                                                        APIs
                                                                                        • GetDesktopWindow.USER32 ref: 00413D46
                                                                                        • GetDesktopWindow.USER32 ref: 00413DFE
                                                                                          • Part of subcall function 00418EC0: 6F59C6F0.COMCTL32(?,00000000,00413FC3,00000000,004140D3,?,?,0049B628), ref: 00418EDC
                                                                                          • Part of subcall function 00418EC0: ShowCursor.USER32(00000001,?,00000000,00413FC3,00000000,004140D3,?,?,0049B628), ref: 00418EF9
                                                                                        • SetCursor.USER32(00000000,?,?,?,?,00413AF3,00000000,00413B06), ref: 00413E3C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CursorDesktopWindow$Show
                                                                                        • String ID:
                                                                                        • API String ID: 2074268717-0
                                                                                        • Opcode ID: 48e3412c1a46991eea637d4b1b247886da5b7466a2ee9d80c19fa9edf3c8b710
                                                                                        • Instruction ID: d0219f8535474b9b7e790bb207accfb6dce16a9ac66decbe361331da1304c66b
                                                                                        • Opcode Fuzzy Hash: 48e3412c1a46991eea637d4b1b247886da5b7466a2ee9d80c19fa9edf3c8b710
                                                                                        • Instruction Fuzzy Hash: 91412C75600210AFC710DF2AFA84B56B7E1EB65329B16817BE405CB365DB38DD81CF98
                                                                                        APIs
                                                                                        • GetModuleFileNameA.KERNEL32(00400000,?,00000100), ref: 00408A75
                                                                                        • LoadStringA.USER32(00400000,0000FF9E,?,00000040), ref: 00408AE4
                                                                                        • LoadStringA.USER32(00400000,0000FF9F,?,00000040), ref: 00408B7F
                                                                                        • MessageBoxA.USER32(00000000,?,?,00002010), ref: 00408BBE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: LoadString$FileMessageModuleName
                                                                                        • String ID:
                                                                                        • API String ID: 704749118-0
                                                                                        • Opcode ID: ede814ba8b2c905ab74f80468cae56b5ab65d73ed59c96bbcc76a4520df8398d
                                                                                        • Instruction ID: 7d65b0a5aa49ad722f3f3263bbe29e3330acee4661d9e2153cfe083702b22da2
                                                                                        • Opcode Fuzzy Hash: ede814ba8b2c905ab74f80468cae56b5ab65d73ed59c96bbcc76a4520df8398d
                                                                                        • Instruction Fuzzy Hash: 1F3123716083849AD370EB65C945BDF77D89B85704F40483FB6C8E72D1EB7859048B6B
                                                                                        APIs
                                                                                        • SendMessageA.USER32(00000000,000001A1,?,00000000), ref: 0044E90D
                                                                                          • Part of subcall function 0044CF50: SendMessageA.USER32(00000000,000001A0,?,00000000), ref: 0044CF82
                                                                                        • InvalidateRect.USER32(00000000,00000000,00000001,00000000,000001A1,?,00000000), ref: 0044E991
                                                                                          • Part of subcall function 0042BBB4: SendMessageA.USER32(00000000,0000018E,00000000,00000000), ref: 0042BBC8
                                                                                        • IsRectEmpty.USER32(?), ref: 0044E953
                                                                                        • ScrollWindowEx.USER32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000006), ref: 0044E976
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Rect$EmptyInvalidateScrollWindow
                                                                                        • String ID:
                                                                                        • API String ID: 855768636-0
                                                                                        • Opcode ID: e9e3cf1fe88063870224b64a3ffaafaa7ea9294743723d0f52b5b35edb71e9c8
                                                                                        • Instruction ID: f7bad605b8f68185b4e834990bb8ca2287257270a928060092b59a923d315d7c
                                                                                        • Opcode Fuzzy Hash: e9e3cf1fe88063870224b64a3ffaafaa7ea9294743723d0f52b5b35edb71e9c8
                                                                                        • Instruction Fuzzy Hash: E5114A71B0030067E650BA7B8C86B5B76C9AB88748F15083FB545EB387DE7DDD094299
                                                                                        APIs
                                                                                        • OffsetRect.USER32(?,?,00000000), ref: 004954F8
                                                                                        • OffsetRect.USER32(?,00000000,?), ref: 00495513
                                                                                        • OffsetRect.USER32(?,?,00000000), ref: 0049552D
                                                                                        • OffsetRect.USER32(?,00000000,?), ref: 00495548
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: OffsetRect
                                                                                        • String ID:
                                                                                        • API String ID: 177026234-0
                                                                                        • Opcode ID: 189e9286564265d853a06d191ff0450012ffb6c3854856ebd751307d5f0fca29
                                                                                        • Instruction ID: 0cb6fc954a72117405a3be1f948335ff5a15e1e1cf1cb616ea1ff77106a83dd0
                                                                                        • Opcode Fuzzy Hash: 189e9286564265d853a06d191ff0450012ffb6c3854856ebd751307d5f0fca29
                                                                                        • Instruction Fuzzy Hash: 372181B6700601AFCB00DE69CD85E6B77DAEBC4344F248A2AF944C7249D638ED448755
                                                                                        APIs
                                                                                        • GetCursorPos.USER32 ref: 00417260
                                                                                        • SetCursor.USER32(00000000), ref: 004172A3
                                                                                        • GetLastActivePopup.USER32(?), ref: 004172CD
                                                                                        • GetForegroundWindow.USER32(?), ref: 004172D4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Cursor$ActiveForegroundLastPopupWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1959210111-0
                                                                                        • Opcode ID: 0923a2c161fc1a9e066ccd67b54e00c3a39e3c999bff849f93405dbd13ead463
                                                                                        • Instruction ID: de3f0dc6b436800086b9427ec8ddd2ec86eeedce3a35093462374e80c8eda50e
                                                                                        • Opcode Fuzzy Hash: 0923a2c161fc1a9e066ccd67b54e00c3a39e3c999bff849f93405dbd13ead463
                                                                                        • Instruction Fuzzy Hash: C52183313086118AD720AFA9E945AE733F1EF44754B0544ABF8558B352DB3DDC82CB9E
                                                                                        APIs
                                                                                        • MulDiv.KERNEL32(?,00000008,?), ref: 00495161
                                                                                        • MulDiv.KERNEL32(?,00000008,?), ref: 00495175
                                                                                        • MulDiv.KERNEL32(?,00000008,?), ref: 00495189
                                                                                        • MulDiv.KERNEL32(?,00000008,?), ref: 004951A7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
                                                                                        • Instruction ID: ece1589fda812a565620013fcb1ed5a997ef569cae5724ba48b6fbd062de1f9b
                                                                                        • Opcode Fuzzy Hash: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
                                                                                        • Instruction Fuzzy Hash: E8115172A05104AFCB40DEA9D8C5E8B7BECEF4D320B24416AF908DB346D634EC408BA4
                                                                                        APIs
                                                                                        • GetClassInfoA.USER32(00400000,0041F470,?), ref: 0041F4A1
                                                                                        • UnregisterClassA.USER32(0041F470,00400000), ref: 0041F4CA
                                                                                        • RegisterClassA.USER32(00499598), ref: 0041F4D4
                                                                                        • SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 0041F50F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                                        • String ID:
                                                                                        • API String ID: 4025006896-0
                                                                                        • Opcode ID: 2789f09181fedf2aa8f29be774d1bfe7920984f559ea6f8e8637ed1726722249
                                                                                        • Instruction ID: 7a0dc659497f48f9aad4428a0df7724adcaf244520b53866b591a9b3b5545ee4
                                                                                        • Opcode Fuzzy Hash: 2789f09181fedf2aa8f29be774d1bfe7920984f559ea6f8e8637ed1726722249
                                                                                        • Instruction Fuzzy Hash: F6011B72240104AADA10EBACED81E9B33999729314B11423BB615E72A2D6399C558BAC
                                                                                        APIs
                                                                                        • FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D027
                                                                                        • LoadResource.KERNEL32(00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?,?,0047C648,0000000A,00000000), ref: 0040D041
                                                                                        • SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?,?,0047C648), ref: 0040D05B
                                                                                        • LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?), ref: 0040D065
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Resource$FindLoadLockSizeof
                                                                                        • String ID:
                                                                                        • API String ID: 3473537107-0
                                                                                        • Opcode ID: f701ce4f04cb0ebdd1143b5585c75acb70ffd029a82b31343d3be87257736b7b
                                                                                        • Instruction ID: ce77ce8360aa458f47a01e9b0563465317cd85cc21d7bcd45488e041df035c61
                                                                                        • Opcode Fuzzy Hash: f701ce4f04cb0ebdd1143b5585c75acb70ffd029a82b31343d3be87257736b7b
                                                                                        • Instruction Fuzzy Hash: 49F04F726056046F9B14EE59A881D5B77ECDE88268310013AF908E7286DA38DD018B68
APIs
• GetLastError.KERNEL32(?,00000000), ref: 00470465
Strings
• Failed to set NTFS compression state (%d)., xrefs: 00470476
• Setting NTFS compression on file: %s, xrefs: 00470433
• Unsetting NTFS compression on file: %s, xrefs: 0047044B
Memory Dump Source
• Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
Similarity
• API ID: ErrorLast
• String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on file: %s$Unsetting NTFS compression on file: %s
• API String ID: 1452528299-3038984924
APIs
• GetLastError.KERNEL32(00000000,00000000), ref: 0046FCB9
Strings
• Failed to set NTFS compression state (%d)., xrefs: 0046FCCA
• Setting NTFS compression on directory: %s, xrefs: 0046FC87
• Unsetting NTFS compression on directory: %s, xrefs: 0046FC9F
Similarity
• API ID: ErrorLast
• String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on directory: %s$Unsetting NTFS compression on directory: %s
• API String ID: 1452528299-1392080489
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
• RegDeleteValueA.ADVAPI32(?,00000000,00000082,00000002,00000000,?,?,00000000,0045B5FE,?,?,?,?,?,00000000,0045B625), ref: 00455DD8
• RegCloseKey.ADVAPI32(00000000,?,00000000,00000082,00000002,00000000,?,?,00000000,0045B5FE,?,?,?,?,?,00000000), ref: 00455DE1
• RemoveFontResourceA.GDI32(00000000), ref: 00455DEE
• SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 00455E02
Similarity
• API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
• String ID:
• API String ID: 4283692357-0
APIs
Similarity
• API ID: ErrorLast$CountSleepTick
• String ID:
• API String ID: 2227064392-0
APIs
• GetCurrentProcess.KERNEL32(00000008,?,?,?,00000001,00000000,00000002,00000000,00480DAC,?,?,?,?,?,0049884B,00000000), ref: 00477D2D
• OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,00480DAC,?,?,?,?,?,0049884B), ref: 00477D33
• GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,00480DAC), ref: 00477D55
• CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,00480DAC), ref: 00477D66
Similarity
• API ID: ProcessToken$CloseCurrentHandleInformationOpen
• String ID:
• API String ID: 215268677-0
APIs
• GetLastActivePopup.USER32(?), ref: 0042424C
• IsWindowVisible.USER32(?), ref: 0042425D
• IsWindowEnabled.USER32(?), ref: 00424267
• SetForegroundWindow.USER32(?), ref: 00424271
Similarity
• API ID: Window$ActiveEnabledForegroundLastPopupVisible
• String ID:
• API String ID: 2280970139-0
APIs
• GlobalHandle.KERNEL32 ref: 0040626F
• GlobalUnlock.KERNEL32(00000000), ref: 00406276
• GlobalReAlloc.KERNEL32(00000000,00000000), ref: 0040627B
• GlobalLock.KERNEL32(00000000), ref: 00406281
Similarity
• API ID: Global$AllocHandleLockUnlock
• String ID:
• API String ID: 2167344118-0
APIs
• RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000000,0047B625,?,00000000,00000000,00000001,00000000,00479FD9,?,00000000), ref: 00479F9D
Strings
• Failed to parse "reg" constant, xrefs: 00479FA4
• Cannot access a 64-bit key in a "reg" constant on this version of Windows, xrefs: 00479E11
Similarity
• API ID: Close
• String ID: Cannot access a 64-bit key in a "reg" constant on this version of Windows$Failed to parse "reg" constant
• API String ID: 3535843008-1938159461
APIs
• GetForegroundWindow.USER32(00000000,004831FA,?,00000000,0048323B,?,?,?,?,00000000,00000000,00000000,?,0046BC0D), ref: 004830A9
• SetActiveWindow.USER32(?,00000000,004831FA,?,00000000,0048323B,?,?,?,?,00000000,00000000,00000000,?,0046BC0D), ref: 004830BB
Strings
• Will not restart Windows automatically., xrefs: 004831DA
Similarity
• API ID: Window$ActiveForeground
• String ID: Will not restart Windows automatically.
• API String ID: 307657957-4169339592
Strings
• Failed to proceed to next wizard page; aborting., xrefs: 0046CB98
• Failed to proceed to next wizard page; showing wizard., xrefs: 0046CBAC
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Failed to proceed to next wizard page; aborting.$Failed to proceed to next wizard page; showing wizard.
                                                                                        • API String ID: 0-1974262853
                                                                                        • Opcode ID: 5c21498a53a12cfa8e7fd6d0fca4a53d4e4662c611673a7e38899ae354c5c1cd
                                                                                        • Instruction ID: f767aec7694c3a706269651ece3f491ea64dc64c3ef09eb99a1787ebd09846f2
                                                                                        • Opcode Fuzzy Hash: 5c21498a53a12cfa8e7fd6d0fca4a53d4e4662c611673a7e38899ae354c5c1cd
                                                                                        • Instruction Fuzzy Hash: A7317230604204DFD711EB99D5C6BA977E5AB05704F5500BBE048AB392D778BE40CB5E
                                                                                        APIs
                                                                                          • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                        • RegCloseKey.ADVAPI32(?,00478A9E,?,?,00000001,00000000,00000000,00478AB9), ref: 00478A87
                                                                                        Strings
                                                                                        • %s\%s_is1, xrefs: 00478A30
                                                                                        • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00478A12
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpen
                                                                                        • String ID: %s\%s_is1$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                        • API String ID: 47109696-1598650737
                                                                                        • Opcode ID: cbbb33293de64dd8a9f9caa67a5b3cda024617d485473e40b666104571127f40
                                                                                        • Instruction ID: dc80809357616fc60b3df9076f922e914a3229883baf2cade8178dd1eb90c67d
                                                                                        • Opcode Fuzzy Hash: cbbb33293de64dd8a9f9caa67a5b3cda024617d485473e40b666104571127f40
                                                                                        • Instruction Fuzzy Hash: C2218170B042446FDB01DFA9CC55ADEBBE8EB88304F90847BE508E7381DA789D01CB59
                                                                                        APIs
                                                                                        • SendMessageA.USER32(00000000,0000044B,00000000,?), ref: 004501FD
                                                                                        • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0045022E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExecuteMessageSendShell
                                                                                        • String ID: open
                                                                                        • API String ID: 812272486-2758837156
                                                                                        • Opcode ID: ea446b968c091deb5619fe0c64f284e9fafe3e6cb185d1fb8701354efc215884
                                                                                        • Instruction ID: 7f57506e0c07b49dd0b520b237e7736b759e9f4ed638734fb0c833ac5abbff07
                                                                                        • Opcode Fuzzy Hash: ea446b968c091deb5619fe0c64f284e9fafe3e6cb185d1fb8701354efc215884
                                                                                        • Instruction Fuzzy Hash: A1216074E00204AFDB10DFA9C896B9EBBF8EB44705F1081BAB404E7292D678DE45CA59
                                                                                        APIs
                                                                                        • ShellExecuteEx.SHELL32(0000003C), ref: 0045532C
                                                                                        • GetLastError.KERNEL32(0000003C,00000000,00455375,?,?,?), ref: 0045533D
                                                                                          • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: DirectoryErrorExecuteLastShellSystem
                                                                                        • String ID: <
                                                                                        • API String ID: 893404051-4251816714
                                                                                        • Opcode ID: eda88bca0edbb1d4d60b2465a169ef4fc32f774dfe42a6a5e367270b0e7eae9d
                                                                                        • Instruction ID: 92df0b2f1231c5c49ece4c570041ef31d6ed92e86db86b93cafb864a5026e18c
                                                                                        • Opcode Fuzzy Hash: eda88bca0edbb1d4d60b2465a169ef4fc32f774dfe42a6a5e367270b0e7eae9d
                                                                                        • Instruction Fuzzy Hash: 172167B0600609ABDB10EF65C8926AE7BE8AF44355F54403AFC44E7291D7789E49CB98
                                                                                        APIs
                                                                                        • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,)), ref: 004025C7
                                                                                        • RtlLeaveCriticalSection.KERNEL32(0049B420,0040263D), ref: 00402630
                                                                                          • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                          • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                          • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                          • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,021C7BD4,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                        • String ID: )
                                                                                        • API String ID: 2227675388-1084416617
                                                                                        • Opcode ID: e007287126da8fa7f668c9e0dd370e3762efe765c6f58c3167b97aa7cf6c64ab
                                                                                        • Instruction ID: 77bd95ba853a3ee3b707a504883d316aad751082ca23ba06a0d8aa2ba3da16af
                                                                                        • Opcode Fuzzy Hash: e007287126da8fa7f668c9e0dd370e3762efe765c6f58c3167b97aa7cf6c64ab
                                                                                        • Instruction Fuzzy Hash: E11104317042046FEB15AB796F5962B6AD4D795758B24087FF404F33D2DABD8C02929C
                                                                                        APIs
                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 004966D9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window
                                                                                        • String ID: /INITPROCWND=$%x $@
                                                                                        • API String ID: 2353593579-4169826103
                                                                                        • Opcode ID: b4f4c19a8bc55ff90c2e9b73843465f76c245e37ca3079c0cf601615490e7546
                                                                                        • Instruction ID: 2823dcf8e8ddb1ccfa98fa5e384fb34ae0e14248cce506d77a4005fc3c11fa4c
                                                                                        • Opcode Fuzzy Hash: b4f4c19a8bc55ff90c2e9b73843465f76c245e37ca3079c0cf601615490e7546
                                                                                        • Instruction Fuzzy Hash: 4711A531A042089FDF01DFA4D851BAE7FE8EB48318F5144BBE504E7291DB7C9905C658
                                                                                        APIs
                                                                                          • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                                          • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                                        • SysFreeString.OLEAUT32(?), ref: 004474C6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$AllocByteCharFreeMultiWide
                                                                                        • String ID: NIL Interface Exception$Unknown Method
                                                                                        • API String ID: 3952431833-1023667238
                                                                                        • Opcode ID: 4f43f2048f3271615f10b1acac82c539bd88d3f79065c454e3b767f871ffd8a8
                                                                                        • Instruction ID: eb0132878ffe7144b3db707554455947565e11d0cdd4dc78092451a8fec87e99
                                                                                        • Opcode Fuzzy Hash: 4f43f2048f3271615f10b1acac82c539bd88d3f79065c454e3b767f871ffd8a8
                                                                                        • Instruction Fuzzy Hash: 8011B9706082089FEB10DFA58C52A6EBBBCEB09704F91407AF504F7681D77C9D01CB69
                                                                                        APIs
                                                                                        • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00495FD8,?,00495FCC,00000000,00495FB3), ref: 00495F7E
                                                                                        • CloseHandle.KERNEL32(00496018,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00495FD8,?,00495FCC,00000000), ref: 00495F95
                                                                                          • Part of subcall function 00495E68: GetLastError.KERNEL32(00000000,00495F00,?,?,?,?), ref: 00495E8C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateErrorHandleLastProcess
                                                                                        • String ID: D
                                                                                        • API String ID: 3798668922-2746444292
                                                                                        • Opcode ID: 2cac3968973140c3bf288dcd51b8fea51afb9ccec72b099e887b62547fa5ce6a
                                                                                        • Instruction ID: f27f12c2402a3b04c6ef5f500e2c30b4f6e8a0b8f5398e8f95c33b3eb070371b
                                                                                        • Opcode Fuzzy Hash: 2cac3968973140c3bf288dcd51b8fea51afb9ccec72b099e887b62547fa5ce6a
                                                                                        • Instruction Fuzzy Hash: FC015EB1644648AFDF05DBA2DD42E9EBBACDB08714F61003AF904E72C5D6789E048B68
                                                                                        APIs
                                                                                        • RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042DD78
                                                                                        • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042DDB8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Value$EnumQuery
                                                                                        • String ID: Inno Setup: No Icons
                                                                                        • API String ID: 1576479698-2016326496
                                                                                        • Opcode ID: 36a0b08f46d91d09f38f531e186592c2a543f82488f0210131226a48688c00be
                                                                                        • Instruction ID: 8d080c6700cf8453afd411d185ff7d2dd707f59376968ad674d2e7d16536e1ed
                                                                                        • Opcode Fuzzy Hash: 36a0b08f46d91d09f38f531e186592c2a543f82488f0210131226a48688c00be
                                                                                        • Instruction Fuzzy Hash: 1B012B33B55B7179FB3045256D01F7B57889B82B60F64013BF942EA2C0D6999C04936E
                                                                                        APIs
                                                                                          • Part of subcall function 004555E4: GetCurrentProcess.KERNEL32(00000028), ref: 004555F3
                                                                                          • Part of subcall function 004555E4: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004555F9
                                                                                        • SetForegroundWindow.USER32(?), ref: 00497406
                                                                                        Strings
                                                                                        • Restarting Windows., xrefs: 004973E3
                                                                                        • Not restarting Windows because Uninstall is being run from the debugger., xrefs: 00497431
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$CurrentForegroundOpenTokenWindow
                                                                                        • String ID: Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.
                                                                                        • API String ID: 3179053593-4147564754
                                                                                        • Opcode ID: 4193847a8af397455179383c4cf3c5e93af51966d3aee1b0e62b09f4ca4c6cf6
                                                                                        • Instruction ID: 81a48865aaf16d48f947dda4b05133a8651c2c420a775bb83d5095b98b759fde
                                                                                        • Opcode Fuzzy Hash: 4193847a8af397455179383c4cf3c5e93af51966d3aee1b0e62b09f4ca4c6cf6
                                                                                        • Instruction Fuzzy Hash: 1C01B5B0618244AAEB01FB66E992B983F989B44308F80407BF5446B2D3C73C994AC75D
                                                                                        APIs
                                                                                          • Part of subcall function 0047CBBC: FreeLibrary.KERNEL32(74BB0000,00481513), ref: 0047CBD2
                                                                                          • Part of subcall function 0047C88C: GetTickCount.KERNEL32 ref: 0047C8D6
                                                                                          • Part of subcall function 004570E0: SendMessageA.USER32(00000000,00000B01,00000000,00000000), ref: 004570FF
                                                                                        • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,004984CB), ref: 00497BC9
                                                                                        • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,004984CB), ref: 00497BCF
                                                                                        Strings
                                                                                        • Detected restart. Removing temporary directory., xrefs: 00497B83
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                                                        • String ID: Detected restart. Removing temporary directory.
                                                                                        • API String ID: 1717587489-3199836293
                                                                                        • Opcode ID: edd495a3eb806bce708dfd09f75f47a0044e32d2cd5383a21bd3adb2a5963435
                                                                                        • Instruction ID: d50bc6c630895905583a3a2fadab6dc9590d78cbbd3fad9bb3e23ee4b0713a5b
                                                                                        • Opcode Fuzzy Hash: edd495a3eb806bce708dfd09f75f47a0044e32d2cd5383a21bd3adb2a5963435
                                                                                        • Instruction Fuzzy Hash: C8E0E57221C7042EDA1177B7BC62A573F8CD74576C761447FF90881992C42D6810C67D
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.3317188215.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000001.00000002.3317166610.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317332132.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317386298.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317410099.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                        • Associated: 00000001.00000002.3317481793.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_400000_7i6bUvYZ4L.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastSleep
                                                                                        • String ID:
                                                                                        • API String ID: 1458359878-0
                                                                                        • Opcode ID: 6f2b27bda8ca5cc9560dd93be1cc0b104f7b92667656e0278d509a2706482566
                                                                                        • Instruction ID: f31041694d7e6b08a2ea33ec2b58b28b25921f40701f973673b956735a8b67d8
                                                                                        • Opcode Fuzzy Hash: 6f2b27bda8ca5cc9560dd93be1cc0b104f7b92667656e0278d509a2706482566
                                                                                        • Instruction Fuzzy Hash: 42F02B32705F58A78B21B56A889157FB2A8DB81366750012BFC0CD7313C878CC058BBC

                                                                                        Execution Graph

                                                                                        Execution Coverage:2.6%
                                                                                        Dynamic/Decrypted Code Coverage:66.1%
                                                                                        Signature Coverage:19.9%
                                                                                        Total number of Nodes:493
                                                                                        Total number of Limit Nodes:26

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • RtlInitializeCriticalSection.NTDLL(02C74FC8), ref: 02C45E83
                                                                                        • GetModuleHandleA.KERNEL32(ntdll.dll,sprintf), ref: 02C45E9A
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 02C45EA3
                                                                                        • GetModuleHandleA.KERNEL32(ntdll.dll,strcat), ref: 02C45EB2
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 02C45EB5
                                                                                        • GetTickCount.KERNEL32 ref: 02C45EC9
                                                                                          • Part of subcall function 02C459FA: _malloc.LIBCMT ref: 02C45A08
                                                                                        • GetVersionExA.KERNEL32(02C74E18), ref: 02C45EF6
                                                                                        • _memset.LIBCMT ref: 02C45F15
                                                                                        • _malloc.LIBCMT ref: 02C45F22
                                                                                          • Part of subcall function 02C51FAC: __FF_MSGBANNER.LIBCMT ref: 02C51FC3
                                                                                          • Part of subcall function 02C51FAC: __NMSG_WRITE.LIBCMT ref: 02C51FCA
                                                                                          • Part of subcall function 02C51FAC: RtlAllocateHeap.NTDLL(00A90000,00000000,00000001), ref: 02C51FEF
                                                                                        • _malloc.LIBCMT ref: 02C45F32
                                                                                        • _malloc.LIBCMT ref: 02C45F3D
                                                                                        • _malloc.LIBCMT ref: 02C45F48
                                                                                        • _malloc.LIBCMT ref: 02C45F53
                                                                                        • _malloc.LIBCMT ref: 02C45F5E
                                                                                        • _malloc.LIBCMT ref: 02C45F69
                                                                                        • _malloc.LIBCMT ref: 02C45F75
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000004), ref: 02C45F8C
                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 02C45F95
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02C45FA1
                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 02C45FA4
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02C45FAF
                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 02C45FB2
                                                                                        • _memset.LIBCMT ref: 02C45FC2
                                                                                        • _memset.LIBCMT ref: 02C45FCE
                                                                                        • _memset.LIBCMT ref: 02C45FDB
                                                                                        • RtlEnterCriticalSection.NTDLL(02C74FC8), ref: 02C45FE9
                                                                                        • RtlLeaveCriticalSection.NTDLL(02C74FC8), ref: 02C45FF6
                                                                                        • _malloc.LIBCMT ref: 02C46017
                                                                                        • _malloc.LIBCMT ref: 02C46025
                                                                                        • _malloc.LIBCMT ref: 02C4602C
                                                                                        • _malloc.LIBCMT ref: 02C4604D
                                                                                        • QueryPerformanceCounter.KERNEL32(00000200), ref: 02C46059
                                                                                        • Sleep.KERNEL32(00000000), ref: 02C46067
                                                                                        • _malloc.LIBCMT ref: 02C46073
                                                                                        • _malloc.LIBCMT ref: 02C46083
                                                                                        • _memset.LIBCMT ref: 02C46098
                                                                                        • _memset.LIBCMT ref: 02C460A8
                                                                                        • Sleep.KERNEL32(0000EA60), ref: 02C460F5
                                                                                        • RtlEnterCriticalSection.NTDLL(02C74FC8), ref: 02C46100
                                                                                        • RtlLeaveCriticalSection.NTDLL(02C74FC8), ref: 02C46111
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _malloc$Heap$_memset$CriticalSection$Allocate$Process$AddressEnterHandleLeaveModuleProcSleep$CountCounterInitializePerformanceQueryTickVersion
                                                                                        • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$gpt=%.8x&advizor=%d&box=%d&hp=%x&lp=%x&line=%d&os=%d.%d.%04d&flag=%d&itd=%d$ntdll.dll$sprintf$strcat
                                                                                        • API String ID: 1856495841-1038016512
                                                                                        • Opcode ID: 996b4efbb999d0bb5ab60064c35d1943145d218054a16d91a787ff969438d1d8
                                                                                        • Instruction ID: 2b0a2811a726d2e20a0c14638e6666ee004b55f7b94f7b0170f7b385a6f96ac5
                                                                                        • Opcode Fuzzy Hash: 996b4efbb999d0bb5ab60064c35d1943145d218054a16d91a787ff969438d1d8
                                                                                        • Instruction Fuzzy Hash: 9071C3B1D483909FD310AF74AC48B5B7FE8AF85344F180E29F98897241DBB988548BD6
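The function above resolves sprintf and strcat from ntdll by hand, collects GetVersionExA and GetTickCount data, and carries the request template gpt=%.8x&advizor=%d&box=%d&hp=%x&lp=%x&line=%d&os=%d.%d.%04d&flag=%d&itd=%d next to the User-Agent "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)". No Windows release identifies itself as NT 9.0 (the kernel version went from 6.3 straight to 10.0), so the exact User-Agent is a high-fidelity network indicator on its own, and the fixed nine-key query order is a second one. The Python below is an added example, not code from the sample or from Joe Sandbox: it checks both indicators against proxy log lines. The log layout, hostnames, client addresses and parameter values are constructed for the example; the report does not name a C2 host and none is implied here.

```python
"""Detect the Socks5Systemz-style beacon recovered from the dump above.
Added example; not code from the sample or from Joe Sandbox. Log layout,
hosts and parameter values are constructed for the example."""
import re
from urllib.parse import parse_qs, urlsplit

# Exact User-Agent from the string table; no Windows release reports "NT 9.0".
BEACON_UA = "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)"
# Key order fixed by the sprintf template:
# gpt=%.8x&advizor=%d&box=%d&hp=%x&lp=%x&line=%d&os=%d.%d.%04d&flag=%d&itd=%d
BEACON_KEYS = ["gpt", "advizor", "box", "hp", "lp", "line", "os", "flag", "itd"]
HEX8 = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)      # %.8x
OS_VER = re.compile(r"^\d+\.\d+\.\d{4,}$")             # %d.%d.%04d
# Constructed proxy-log layout: <timestamp> <client> <method> <url> "<user-agent>"
LOG_LINE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def parse_beacon(url):
    """Return the decoded beacon fields if the query matches the template exactly, else None."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if list(qs) != BEACON_KEYS or any(len(v) != 1 for v in qs.values()):
        return None
    p = {k: v[0] for k, v in qs.items()}
    if not HEX8.match(p["gpt"]) or not OS_VER.match(p["os"]):
        return None
    try:
        out = {"gpt": int(p["gpt"], 16), "hp": int(p["hp"], 16), "lp": int(p["lp"], 16),
               "os": tuple(int(x) for x in p["os"].split("."))}
        for k in ("advizor", "box", "line", "flag", "itd"):
            out[k] = int(p[k])          # %d fields: plain decimal
    except ValueError:
        return None
    return out


def scan_log(lines):
    """Return (client, url, reasons) for every line matching the UA or the beacon query."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        _ts, client, _method, url, ua = m.groups()
        reasons = []
        if ua == BEACON_UA:
            reasons.append("user-agent")
        if parse_beacon(url) is not None:
            reasons.append("beacon-query")
        if reasons:
            hits.append((client, url, reasons))
    return hits


# Constructed sample: one beacon, one benign request, one malformed look-alike.
SAMPLE_LOG = [
    '2024-12-12T10:00:01Z 10.0.0.5 GET http://c2.example.test/?gpt=0a1b2c3d&advizor=1&box=0'
    '&hp=1f90&lp=1080&line=3&os=6.1.7601&flag=0&itd=120 '
    '"Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)"',
    '2024-12-12T10:00:02Z 10.0.0.7 GET http://www.example.test/index.html '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '2024-12-12T10:00:03Z 10.0.0.9 GET http://c2.example.test/?gpt=zz&advizor=1&box=0'
    '&hp=1&lp=1&line=1&os=6.1.7601&flag=0&itd=1 "curl/8.0"',
]

if __name__ == "__main__":
    for client, url, reasons in scan_log(SAMPLE_LOG):
        print(client, ",".join(reasons), url)
```

The query check is deliberately strict (exact key order, hex width of gpt, three-part os value) so that it survives a change of C2 hostname, which the User-Agent match alone would not need but the query match does; loosen it to a set comparison if a later build reorders the template.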

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 686 401b4b-401b68 LoadLibraryA 687 401c21-401c25 686->687 688 401b6e-401b7f GetProcAddress 686->688 689 401b85-401b8e 688->689 690 401c18-401c1b FreeLibrary 688->690 691 401b95-401ba5 GetAdaptersInfo 689->691 690->687 692 401ba7-401bb0 691->692 693 401bdb-401be3 691->693 696 401bc1-401bd7 call 403120 call 4018cc 692->696 697 401bb2-401bb6 692->697 694 401be5-401beb call 403106 693->694 695 401bec-401bf0 693->695 694->695 701 401bf2-401bf6 695->701 702 401c15-401c17 695->702 696->693 697->693 698 401bb8-401bbf 697->698 698->696 698->697 701->702 705 401bf8-401bfb 701->705 702->690 707 401c06-401c13 call 4030f8 705->707 708 401bfd-401c03 705->708 707->691 707->702 708->707
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 00401B5D
                                                                                        • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 00401B74
                                                                                        • GetAdaptersInfo.IPHLPAPI(?,00000400), ref: 00401B9D
                                                                                        • FreeLibrary.KERNEL32(00401A3E), ref: 00401C1B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: Library$AdaptersAddressFreeInfoLoadProc
                                                                                        • String ID: GetAdaptersInfo$iphlpapi.dll$o
                                                                                        • API String ID: 514930453-3667123677
                                                                                        • Opcode ID: a648eded5dba78bf16f4a137e2c2b6b7b052dc293c02733a72e5b458839b5e0e
                                                                                        • Instruction ID: a9f54c968f2091474e8feb0d981771773be25d9c6ef5ebc30493122ab1168d3f
                                                                                        • Opcode Fuzzy Hash: a648eded5dba78bf16f4a137e2c2b6b7b052dc293c02733a72e5b458839b5e0e
                                                                                        • Instruction Fuzzy Hash: E821B870904209AEDF219F65C9447EF7FB8EF45345F0440BAE604B62A1E7389A85CB69

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 760 2c4e99c-2c4e9bf LoadLibraryA 761 2c4e9c5-2c4e9d3 GetProcAddress 760->761 762 2c4ea7f-2c4ea86 760->762 763 2c4ea78-2c4ea79 FreeLibrary 761->763 764 2c4e9d9-2c4e9e9 761->764 763->762 765 2c4e9eb-2c4e9f7 GetAdaptersInfo 764->765 766 2c4ea2f-2c4ea37 765->766 767 2c4e9f9 765->767 769 2c4ea40-2c4ea45 766->769 770 2c4ea39-2c4ea3f call 2c526cf 766->770 768 2c4e9fb-2c4ea02 767->768 773 2c4ea04-2c4ea08 768->773 774 2c4ea0c-2c4ea14 768->774 771 2c4ea47-2c4ea4a 769->771 772 2c4ea73-2c4ea77 769->772 770->769 771->772 776 2c4ea4c-2c4ea51 771->776 772->763 773->768 777 2c4ea0a 773->777 778 2c4ea17-2c4ea1c 774->778 780 2c4ea53-2c4ea5b 776->780 781 2c4ea5e-2c4ea69 call 2c527b5 776->781 777->766 778->778 782 2c4ea1e-2c4ea2b call 2c4e6eb 778->782 780->781 781->772 787 2c4ea6b-2c4ea6e 781->787 782->766 787->765
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 02C4E9B2
                                                                                        • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 02C4E9CB
                                                                                        • GetAdaptersInfo.IPHLPAPI(?,?), ref: 02C4E9F0
                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 02C4EA79
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Library$AdaptersAddressFreeInfoLoadProc
                                                                                        • String ID: GetAdaptersInfo$iphlpapi.dll
                                                                                        • API String ID: 514930453-3114217049
                                                                                        • Opcode ID: 68542a90652c3bbd7659f408fab7d333b20e9dd6cd12edfe374d8ab404777013
                                                                                        • Instruction ID: f99962cc1af12a90f6d961126e2d6ef4b2fbeac3de66318551dc6e9b0fce7416
                                                                                        • Opcode Fuzzy Hash: 68542a90652c3bbd7659f408fab7d333b20e9dd6cd12edfe374d8ab404777013
                                                                                        • Instruction Fuzzy Hash: A621C171E442099BDB10DBA988847FFBBF8BF45250F1501AAE505E7241DB30DA45CBA4

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 845 2c4e898-2c4e8c3 CreateFileA 846 2c4e994-2c4e99b 845->846 847 2c4e8c9-2c4e8de 845->847 848 2c4e8e1-2c4e903 DeviceIoControl 847->848 849 2c4e905-2c4e90d 848->849 850 2c4e93c-2c4e944 848->850 853 2c4e916-2c4e91b 849->853 854 2c4e90f-2c4e914 849->854 851 2c4e946-2c4e94c call 2c526cf 850->851 852 2c4e94d-2c4e94f 850->852 851->852 856 2c4e951-2c4e954 852->856 857 2c4e98a-2c4e993 CloseHandle 852->857 853->850 858 2c4e91d-2c4e925 853->858 854->850 860 2c4e956-2c4e95f GetLastError 856->860 861 2c4e970-2c4e97d call 2c527b5 856->861 857->846 862 2c4e928-2c4e92d 858->862 860->857 863 2c4e961-2c4e964 860->863 861->857 869 2c4e97f-2c4e985 861->869 862->862 865 2c4e92f-2c4e93b call 2c4e6eb 862->865 863->861 866 2c4e966-2c4e96d 863->866 865->850 866->861 869->848
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 02C4E8B7
                                                                                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000400,?,00000000), ref: 02C4E8F5
                                                                                        • GetLastError.KERNEL32 ref: 02C4E956
                                                                                        • CloseHandle.KERNEL32(?), ref: 02C4E98D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseControlCreateDeviceErrorFileHandleLast
                                                                                        • String ID: \\.\PhysicalDrive0
                                                                                        • API String ID: 4026078076-1180397377
                                                                                        • Opcode ID: 0daa57b4bf6d7a64f3cc3190780c286e5579b49fd4b44649d5cc0d64a6be0f8c
                                                                                        • Instruction ID: 3e4a7ab43ffebe67d91005917253c17e1fe3f9c110147c75ae4a6eda76fd905e
                                                                                        • Opcode Fuzzy Hash: 0daa57b4bf6d7a64f3cc3190780c286e5579b49fd4b44649d5cc0d64a6be0f8c
                                                                                        • Instruction Fuzzy Hash: 22316B71D00219EBDB24CF95D884BEFBBB8FF45754F25416AE505A7280DBB09A05CBA0

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 871 401a4f-401a77 CreateFileA 872 401b45-401b4a 871->872 873 401a7d-401a91 871->873 874 401a98-401ac0 DeviceIoControl 873->874 875 401ac2-401aca 874->875 876 401af3-401afb 874->876 877 401ad4-401ad9 875->877 878 401acc-401ad2 875->878 879 401b04-401b07 876->879 880 401afd-401b03 call 403106 876->880 877->876 883 401adb-401af1 call 403120 call 4018cc 877->883 878->876 881 401b09-401b0c 879->881 882 401b3a-401b44 CloseHandle 879->882 880->879 885 401b27-401b34 call 4030f8 881->885 886 401b0e-401b17 GetLastError 881->886 882->872 883->876 885->874 885->882 886->882 889 401b19-401b1c 886->889 889->885 892 401b1e-401b24 889->892 892->885
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 00401A6B
                                                                                        • DeviceIoControl.KERNEL32(?,002D1400,?,0000000C,?,00000400,00000400,00000000), ref: 00401AB2
                                                                                        • GetLastError.KERNEL32 ref: 00401B0E
                                                                                        • CloseHandle.KERNEL32(?), ref: 00401B3D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseControlCreateDeviceErrorFileHandleLast
                                                                                        • String ID: \\.\PhysicalDrive0
                                                                                        • API String ID: 4026078076-1180397377
                                                                                        • Opcode ID: 5b2aa4f6f1db506efa266d4c362af4cf52cfeed2701d30c33ae5bfe5944f1550
                                                                                        • Instruction ID: ae54cd8959710a424601ffd4623f532e2396a469a493930b182490efebea7a61
                                                                                        • Opcode Fuzzy Hash: 5b2aa4f6f1db506efa266d4c362af4cf52cfeed2701d30c33ae5bfe5944f1550
                                                                                        • Instruction Fuzzy Hash: 50318D71D01118EECB21EF95CD809EFBBB8EF45750F20807AE514B22A0E7785E45CB98
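In the two \\.\PhysicalDrive0 functions above, CreateFileA opens the disk with desired access 0 (a metadata-only handle, so no raw read or write right on the disk is requested) and DeviceIoControl is called with control code 0x002D1400 and a 12-byte input buffer. Splitting that code along the CTL_CODE layout gives device type 0x2D (FILE_DEVICE_MASS_STORAGE), function 0x500, METHOD_BUFFERED and FILE_ANY_ACCESS, which is IOCTL_STORAGE_QUERY_PROPERTY, and the 12 bytes match sizeof(STORAGE_PROPERTY_QUERY). That is a read-only query of the disk descriptor (vendor, product, serial number), the usual input to a host fingerprint; the two iphlpapi functions above that call GetAdaptersInfo collect the companion MAC address. The Python below is an added example, not code from the sample or from Joe Sandbox: it decodes the control code and parses STORAGE_DEVICE_DESCRIPTOR and IP_ADAPTER_INFO buffers laid out as the 32-bit Windows structures. All buffers are constructed in the block, and the vendor, serial, adapter and MAC values are made up.

```python
"""Decoders for the disk and adapter fingerprinting calls seen in the trace.
Added example; not code from the sample or from Joe Sandbox. All buffers
below are constructed to the Windows structure layouts, nothing is queried."""
import struct

FILE_DEVICE_MASS_STORAGE = 0x2D          # IOCTL_STORAGE_BASE
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
BUS_TYPES = {1: "Scsi", 3: "Ata", 7: "Usb", 8: "RAID", 11: "Sata", 14: "Virtual"}


def decode_ioctl(code):
    """Split a control code into CTL_CODE fields: DeviceType(16) Access(2) Function(12) Method(2)."""
    return {"device_type": (code >> 16) & 0xFFFF, "access": (code >> 14) & 0x3,
            "function": (code >> 2) & 0xFFF, "method": METHODS[code & 0x3]}


def ioctl_name(code):
    f = decode_ioctl(code)
    if (f["device_type"], f["function"], f["method"]) == (FILE_DEVICE_MASS_STORAGE, 0x500, "METHOD_BUFFERED"):
        return "IOCTL_STORAGE_QUERY_PROPERTY"
    return "unknown 0x%08x" % code


def build_property_query():
    """STORAGE_PROPERTY_QUERY: PropertyId=StorageDeviceProperty(0), QueryType=PropertyStandardQuery(0),
    AdditionalParameters[1] plus padding: 12 bytes, the nInBufferSize seen in the trace."""
    return struct.pack("<IIB3x", 0, 0, 0)


def _cstr(buf, off):
    """C string at offset; Windows uses offset 0 for 'field not present'."""
    if off == 0 or off >= len(buf):
        return None
    end = buf.find(b"\x00", off)
    return buf[off:end if end >= 0 else len(buf)].decode("ascii", "replace").strip()


def parse_storage_device_descriptor(buf):
    """Parse the 36-byte STORAGE_DEVICE_DESCRIPTOR header and follow its string offsets."""
    (version, size, _dev_type, _dev_mod, removable, _cmdq, vendor_off, product_off,
     rev_off, serial_off, bus_type, _raw_len) = struct.unpack_from("<IIBBBBIIIIII", buf, 0)
    return {"version": version, "size": size, "removable": bool(removable),
            "bus_type": BUS_TYPES.get(bus_type, str(bus_type)),
            "vendor": _cstr(buf, vendor_off), "product": _cstr(buf, product_off),
            "revision": _cstr(buf, rev_off), "serial": _cstr(buf, serial_off)}


def build_descriptor(vendor, product, revision, serial, bus_type=11):
    """Constructed descriptor: header followed by NUL-terminated strings (values are made up)."""
    strings, offs = b"", []
    for s in (vendor, product, revision, serial):
        offs.append(36 + len(strings))
        strings += s.encode("ascii") + b"\x00"
    header = struct.pack("<IIBBBBIIIIII", 1, 36 + len(strings), 0, 0, 0, 0,
                         *offs, bus_type, 0)
    return header + strings


ADAPTER_INFO_SIZE = 640   # sizeof(IP_ADAPTER_INFO) for 32-bit code such as this sample


def parse_adapter_info(buf):
    """Walk fixed-size IP_ADAPTER_INFO entries. The Next pointers are ignored because the
    buffer GetAdaptersInfo fills is contiguous and the pointers only make sense in-process."""
    adapters = []
    for off in range(0, len(buf) - ADAPTER_INFO_SIZE + 1, ADAPTER_INFO_SIZE):
        name = buf[off + 8:off + 268].split(b"\x00", 1)[0].decode("ascii", "replace")
        desc = buf[off + 268:off + 400].split(b"\x00", 1)[0].decode("ascii", "replace")
        addr_len, = struct.unpack_from("<I", buf, off + 400)
        mac = buf[off + 404:off + 404 + min(addr_len, 8)]
        # IpAddressList starts at 428: Next(4) then IpAddress.String[16]
        ip = buf[off + 432:off + 448].split(b"\x00", 1)[0].decode("ascii", "replace")
        adapters.append({"name": name, "description": desc, "mac": mac.hex(":"), "ip": ip})
    return adapters


def build_adapter_entry(name, desc, mac, ip):
    """Constructed 640-byte IP_ADAPTER_INFO entry carrying the fields parse_adapter_info reads."""
    e = bytearray(ADAPTER_INFO_SIZE)
    e[8:8 + len(name)] = name.encode("ascii")
    e[268:268 + len(desc)] = desc.encode("ascii")
    struct.pack_into("<I", e, 400, len(mac))
    e[404:404 + len(mac)] = mac
    e[432:432 + len(ip)] = ip.encode("ascii")
    return bytes(e)


if __name__ == "__main__":
    print(ioctl_name(0x002D1400), decode_ioctl(0x002D1400))
    disk = parse_storage_device_descriptor(
        build_descriptor("VMware", "Virtual disk", "2.0", "6000C29E1A2B3C4D"))
    nics = parse_adapter_info(build_adapter_entry(
        "{A1B2C3D4-0000-0000-0000-000000000001}", "Intel(R) PRO/1000 MT",
        bytes.fromhex("000c29aabbcc"), "10.0.0.5"))
    print(disk["serial"], disk["bus_type"], nics[0]["mac"])
```

One sizing detail worth checking when reading the trace: the 0x400-byte output buffer handed to GetAdaptersInfo holds exactly one 640-byte entry in the 32-bit layout, so on a host with two or more adapters the first call returns ERROR_BUFFER_OVERFLOW with the required size and the caller has to retry with a larger buffer; the edge back into the GetAdaptersInfo block in both graphs is consistent with such a retry, though the graph alone does not show which allocator is used.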
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C78000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C78000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c78000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileInternetRead
                                                                                        • String ID:
                                                                                        • API String ID: 778332206-0
                                                                                        • Opcode ID: f28f916f48cb25ada5ab1dd6c3ad98216c6dcec03d306ce8b189ebe6d6a6d743
                                                                                        • Instruction ID: 7e6652cc66f57756cca0d3763ccf7097b07bc794458d116602550e5ea6726c28
                                                                                        • Opcode Fuzzy Hash: f28f916f48cb25ada5ab1dd6c3ad98216c6dcec03d306ce8b189ebe6d6a6d743
                                                                                        • Instruction Fuzzy Hash: 390180F280C704AFE7087E69EC8977AFBE4EF59710F12452DE2C047644EA7464408AD7

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 222 2c4633e-2c4634f 223 2c46350-2c46359 222->223 224 2c4635d-2c4637c 223->224 224->222 225 2c4637e-2c46398 224->225 226 2c463a9-2c463b4 225->226 227 2c4639a-2c463a8 225->227 226->223 228 2c463b6-2c463ca 226->228 227->226 228->224 229 2c463cc-2c463dd 228->229 230 2c4641d-2c46439 229->230 231 2c463df-2c463f0 229->231 232 2c46455-2c4645f 230->232 233 2c4643b-2c46441 230->233 231->230 236 2c46465-2c46489 call 2c53750 call 2c4439c 232->236 237 2c460e1-2c460e3 232->237 234 2c46447-2c46454 call 2c4534d 233->234 235 2c46443-2c46445 233->235 234->232 235->232 236->237 250 2c4648f-2c464ba RtlEnterCriticalSection RtlLeaveCriticalSection call 2c5133c 236->250 239 2c460e5-2c460ea 237->239 240 2c460ec-2c460ee 237->240 243 2c460f5 Sleep 239->243 244 2c460f0 240->244 245 2c460fb-2c4641b RtlEnterCriticalSection RtlLeaveCriticalSection 240->245 243->245 244->243 245->230 253 2c46504-2c4651c call 2c5133c 250->253 254 2c464bc-2c464cb call 2c5133c 250->254 259 2c46522-2c46524 253->259 260 2c467c3-2c467d2 call 2c5133c 253->260 254->253 261 2c464cd-2c464dc call 2c5133c 254->261 259->260 262 2c4652a-2c465d5 call 2c51fac RtlEnterCriticalSection RtlLeaveCriticalSection call 2c53750 * 5 call 2c4439c * 2 259->262 269 2c467d4-2c467d6 260->269 270 2c46817-2c46826 call 2c5133c 260->270 261->253 271 2c464de-2c464ed call 2c5133c 261->271 313 2c465d7-2c465d9 262->313 314 2c46612 262->314 269->270 273 2c467d8-2c46812 call 2c53750 RtlEnterCriticalSection RtlLeaveCriticalSection 269->273 283 2c46828-2c46836 call 2c45c02 call 2c45d10 270->283 284 2c4683b-2c4684a call 2c5133c 270->284 271->253 282 2c464ef-2c464fe call 2c5133c 271->282 273->237 282->237 282->253 283->237 284->237 294 2c46850-2c46852 284->294 294->237 297 2c46858-2c46871 call 2c4439c 294->297 297->237 303 2c46877-2c46946 call 2c51418 call 2c41ba7 297->303 315 2c4694d-2c4696e RtlEnterCriticalSection 303->315 316 2c46948 call 2c4143f 
303->316 313->314 320 2c465db-2c465ed call 2c5133c 313->320 321 2c46616-2c46644 call 2c51fac call 2c53750 call 2c4439c 314->321 318 2c46970-2c46977 315->318 319 2c4697a-2c469e1 RtlLeaveCriticalSection call 2c43c67 call 2c43d7e call 2c47330 315->319 316->315 318->319 341 2c469e7-2c46a29 call 2c4971a 319->341 342 2c46b49-2c46b5d call 2c47ff8 319->342 320->314 329 2c465ef-2c46610 call 2c4439c 320->329 339 2c46685-2c4668e call 2c51f74 321->339 340 2c46646-2c46655 call 2c525e6 321->340 329->321 351 2c46694-2c466ac call 2c527b5 339->351 352 2c467b1-2c467be 339->352 340->339 353 2c46657 340->353 354 2c46b13-2c46b44 call 2c473df call 2c433b2 341->354 355 2c46a2f-2c46a36 341->355 342->237 365 2c466ae-2c466b6 call 2c4872c 351->365 366 2c466b8 351->366 352->237 357 2c4665c-2c4666e call 2c51850 353->357 354->342 359 2c46a39-2c46a3e 355->359 372 2c46670 357->372 373 2c46673-2c46683 call 2c525e6 357->373 359->359 363 2c46a40-2c46a85 call 2c4971a 359->363 363->354 374 2c46a8b-2c46a91 363->374 369 2c466ba-2c4675e call 2c49844 call 2c43863 call 2c45119 call 2c43863 call 2c49aea call 2c49c04 365->369 366->369 397 2c46765-2c46790 Sleep call 2c508f0 369->397 398 2c46760 call 2c4380b 369->398 372->373 373->339 373->357 378 2c46a94-2c46a99 374->378 378->378 381 2c46a9b-2c46ad6 call 2c4971a 378->381 381->354 387 2c46ad8-2c46b12 call 2c4c10c 381->387 387->354 402 2c46792-2c4679b call 2c44100 397->402 403 2c4679c-2c467aa 397->403 398->397 402->403 403->352 405 2c467ac call 2c4380b 403->405 405->352
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $%d;$<htm$Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$auth_ip$auth_swith$block$connect$disconnect$idle$updips$updurls
                                                                                        • API String ID: 0-2823103634
                                                                                        • Opcode ID: 28b484db76f3cbcafd61ed239195d1c0a83da3945d9285dc878c752aadf50538
                                                                                        • Instruction ID: 27deb9cb64d523e91abd997f3db5722e639838606426ea497ff01f8627b043db
                                                                                        • Opcode Fuzzy Hash: 28b484db76f3cbcafd61ed239195d1c0a83da3945d9285dc878c752aadf50538
                                                                                        • Instruction Fuzzy Hash: 712266716083819FE734DB24C845BEFBBE9AFC6714F24092EE48997281EF709544CB96

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 408 2c463fe-2c46439 410 2c46455-2c4645f 408->410 411 2c4643b-2c46441 408->411 414 2c46465-2c46489 call 2c53750 call 2c4439c 410->414 415 2c460e1-2c460e3 410->415 412 2c46447-2c46454 call 2c4534d 411->412 413 2c46443-2c46445 411->413 412->410 413->410 414->415 427 2c4648f-2c464ba RtlEnterCriticalSection RtlLeaveCriticalSection call 2c5133c 414->427 417 2c460e5-2c460ea 415->417 418 2c460ec-2c460ee 415->418 421 2c460f5 Sleep 417->421 422 2c460f0 418->422 423 2c460fb-2c4612a RtlEnterCriticalSection RtlLeaveCriticalSection 418->423 421->423 422->421 423->408 430 2c46504-2c4651c call 2c5133c 427->430 431 2c464bc-2c464cb call 2c5133c 427->431 436 2c46522-2c46524 430->436 437 2c467c3-2c467d2 call 2c5133c 430->437 431->430 438 2c464cd-2c464dc call 2c5133c 431->438 436->437 439 2c4652a-2c465d5 call 2c51fac RtlEnterCriticalSection RtlLeaveCriticalSection call 2c53750 * 5 call 2c4439c * 2 436->439 446 2c467d4-2c467d6 437->446 447 2c46817-2c46826 call 2c5133c 437->447 438->430 448 2c464de-2c464ed call 2c5133c 438->448 490 2c465d7-2c465d9 439->490 491 2c46612 439->491 446->447 450 2c467d8-2c46812 call 2c53750 RtlEnterCriticalSection RtlLeaveCriticalSection 446->450 460 2c46828-2c46836 call 2c45c02 call 2c45d10 447->460 461 2c4683b-2c4684a call 2c5133c 447->461 448->430 459 2c464ef-2c464fe call 2c5133c 448->459 450->415 459->415 459->430 460->415 461->415 471 2c46850-2c46852 461->471 471->415 474 2c46858-2c46871 call 2c4439c 471->474 474->415 480 2c46877-2c46946 call 2c51418 call 2c41ba7 474->480 492 2c4694d-2c4696e RtlEnterCriticalSection 480->492 493 2c46948 call 2c4143f 480->493 490->491 497 2c465db-2c465ed call 2c5133c 490->497 498 2c46616-2c46644 call 2c51fac call 2c53750 call 2c4439c 491->498 495 2c46970-2c46977 492->495 496 2c4697a-2c469e1 RtlLeaveCriticalSection call 2c43c67 call 2c43d7e call 2c47330 492->496 493->492 495->496 518 2c469e7-2c46a29 call 2c4971a 496->518 519 2c46b49-2c46b5d call 2c47ff8 496->519 497->491 506 2c465ef-2c46610 call 2c4439c 497->506 516 2c46685-2c4668e call 2c51f74 498->516 517 2c46646-2c46655 call 2c525e6 498->517 506->498 528 2c46694-2c466ac call 2c527b5 516->528 529 2c467b1-2c467be 516->529 517->516 530 2c46657 517->530 531 2c46b13-2c46b44 call 2c473df call 2c433b2 518->531 532 2c46a2f-2c46a36 518->532 519->415 542 2c466ae-2c466b6 call 2c4872c 528->542 543 2c466b8 528->543 529->415 534 2c4665c-2c4666e call 2c51850 530->534 531->519 536 2c46a39-2c46a3e 532->536 549 2c46670 534->549 550 2c46673-2c46683 call 2c525e6 534->550 536->536 540 2c46a40-2c46a85 call 2c4971a 536->540 540->531 551 2c46a8b-2c46a91 540->551 546 2c466ba-2c4675e call 2c49844 call 2c43863 call 2c45119 call 2c43863 call 2c49aea call 2c49c04 542->546 543->546 574 2c46765-2c46790 Sleep call 2c508f0 546->574 575 2c46760 call 2c4380b 546->575 549->550 550->516 550->534 555 2c46a94-2c46a99 551->555 555->555 558 2c46a9b-2c46ad6 call 2c4971a 555->558 558->531 564 2c46ad8-2c46b12 call 2c4c10c 558->564 564->531 579 2c46792-2c4679b call 2c44100 574->579 580 2c4679c-2c467aa 574->580 575->574 579->580 580->529 582 2c467ac call 2c4380b 580->582 582->529
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: _memset$CriticalSection$EnterLeave_malloc_strtok$_free_swscanf
                                                                                        • String ID: <htm$Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$auth_ip$auth_swith$block$connect$disconnect$idle$updips$updurls
                                                                                        • API String ID: 3441009308-1437582238
                                                                                        • Opcode ID: fd8af8a6af464f3707b4a3b05fae590b9f2f095dc8cf8c879d9c9fc332a6e795
                                                                                        • Instruction ID: a03079e14a2c201c35947fa14c7b17ce7cbe26f458d2d3c32a7816b52a61b904
                                                                                        • Opcode Fuzzy Hash: fd8af8a6af464f3707b4a3b05fae590b9f2f095dc8cf8c879d9c9fc332a6e795
                                                                                        • Instruction Fuzzy Hash: A9A1B9716483406BE724AB349C54B6F7BEA9FC3728F28081DF889A7281DF71D940CB56

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02C41D11
                                                                                        • GetLastError.KERNEL32 ref: 02C41D23
                                                                                          • Part of subcall function 02C41712: __EH_prolog.LIBCMT ref: 02C41717
                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02C41D59
                                                                                        • GetLastError.KERNEL32 ref: 02C41D6B
                                                                                        • __beginthreadex.LIBCMT ref: 02C41DB1
                                                                                        • GetLastError.KERNEL32 ref: 02C41DC6
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 02C41DDD
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 02C41DEC
                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C41E14
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 02C41E1B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseErrorHandleLast$CreateEvent$H_prologObjectSingleWait__beginthreadex
                                                                                        • String ID: thread$thread.entry_event$thread.exit_event
                                                                                        • API String ID: 831262434-3017686385
                                                                                        • Opcode ID: 6d68aceb95437836a3f9e48a7a19135307849e956c395bbd3c2fd24033308545
                                                                                        • Instruction ID: 0ae3394f08c3f88ee46df0b6f5167160f576496753edf146112ceda546a914d0
                                                                                        • Opcode Fuzzy Hash: 6d68aceb95437836a3f9e48a7a19135307849e956c395bbd3c2fd24033308545
                                                                                        • Instruction Fuzzy Hash: 8D314FB5A043119FD700EF24C888B2BBBA5EF84790F14492DF99997290DB70D989CFD2

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 02C44D8B
                                                                                        • RtlEnterCriticalSection.NTDLL(02C74FC8), ref: 02C44DB7
                                                                                        • RtlLeaveCriticalSection.NTDLL(02C74FC8), ref: 02C44DC3
                                                                                          • Part of subcall function 02C44BED: __EH_prolog.LIBCMT ref: 02C44BF2
                                                                                          • Part of subcall function 02C44BED: InterlockedExchange.KERNEL32(?,00000000), ref: 02C44CF2
                                                                                        • RtlEnterCriticalSection.NTDLL(02C74FC8), ref: 02C44E93
                                                                                        • RtlLeaveCriticalSection.NTDLL(02C74FC8), ref: 02C44E99
                                                                                        • RtlEnterCriticalSection.NTDLL(02C74FC8), ref: 02C44EA0
                                                                                        • RtlLeaveCriticalSection.NTDLL(02C74FC8), ref: 02C44EA6
                                                                                        • RtlEnterCriticalSection.NTDLL(02C74FC8), ref: 02C450A7
                                                                                        • RtlLeaveCriticalSection.NTDLL(02C74FC8), ref: 02C450AD
                                                                                        • RtlEnterCriticalSection.NTDLL(02C74FC8), ref: 02C450B8
                                                                                        • RtlLeaveCriticalSection.NTDLL(02C74FC8), ref: 02C450C1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeave$H_prolog$ExchangeInterlocked
                                                                                        • String ID:
                                                                                        • API String ID: 2062355503-0
                                                                                        • Opcode ID: c3006f71e0e30d38f296a8e068379414ace5f5778907fd767c424e3ca949b1dc
                                                                                        • Instruction ID: c8cd246867dfe91c47515271481ad0e65f4bd9278198659110c2dd8d2705dc4c
                                                                                        • Opcode Fuzzy Hash: c3006f71e0e30d38f296a8e068379414ace5f5778907fd767c424e3ca949b1dc
                                                                                        • Instruction Fuzzy Hash: B5B16A71D0025DDFEF25DFA0D844BEEBBB5AF54308F20415AE80576280DBB56A89CFA1

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 712 401f64-401f84 FindResourceA 713 401f86-401f9d GetLastError SizeofResource 712->713 714 401f9f-401fa1 712->714 713->714 716 401fa6-401fec LoadResource LockResource GlobalAlloc call 402d60 * 2 713->716 715 402096-40209a 714->715 721 401fee-401ff9 716->721 721->721 722 401ffb-402003 GetTickCount 721->722 723 402032-402038 722->723 724 402005-402007 722->724 725 402053-402083 GlobalAlloc call 401c26 723->725 727 40203a-40204a 723->727 724->725 726 402009-40200f 724->726 732 402088-402093 725->732 726->725 731 402011-402023 726->731 728 40204c 727->728 729 40204e-402051 727->729 728->729 729->725 729->727 733 402025 731->733 734 402027-40202a 731->734 732->715 733->734 734->731 735 40202c-40202e 734->735 735->726 736 402030 735->736 736->725
                                                                                        APIs
                                                                                        • FindResourceA.KERNEL32(?,0000000A), ref: 00401F7A
                                                                                        • GetLastError.KERNEL32 ref: 00401F86
                                                                                        • SizeofResource.KERNEL32(00000000), ref: 00401F93
                                                                                        • LoadResource.KERNEL32(00000000), ref: 00401FAD
                                                                                        • LockResource.KERNEL32(00000000), ref: 00401FB4
                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000), ref: 00401FBF
                                                                                        • GetTickCount.KERNEL32 ref: 00401FFB
                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00402061
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: Resource$AllocGlobal$CountErrorFindLastLoadLockSizeofTick
                                                                                        • String ID:
                                                                                        • API String ID: 564119183-0
                                                                                        • Opcode ID: 4b406982c55cd146a53e35bcfe0d224a47769fdd51ac53a5645699cce47c5184
                                                                                        • Instruction ID: b01298f5e92dfabffd3260d40ec81ee59ee3d80feb476c4020a7475af27d6630
                                                                                        • Opcode Fuzzy Hash: 4b406982c55cd146a53e35bcfe0d224a47769fdd51ac53a5645699cce47c5184
                                                                                        • Instruction Fuzzy Hash: 60315C32900255EFDB105FB89F8896F7B68EF45344B10807AFA86F7281DA748941C7A8

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 02C42706
                                                                                        • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02C4272B
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02C63163), ref: 02C42738
                                                                                          • Part of subcall function 02C41712: __EH_prolog.LIBCMT ref: 02C41717
                                                                                        • SetWaitableTimer.KERNEL32(?,?,000493E0,00000000,00000000,00000000), ref: 02C42778
                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 02C427D9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                                                        • String ID: timer
                                                                                        • API String ID: 4293676635-1792073242
                                                                                        • Opcode ID: c71068b5599bc4422a04ed3e3d2fd2af3a3b1fa9da2d8588ea8b9e3804d2055b
                                                                                        • Instruction ID: e6dffb2558d86ef5461fc1ed4884e73341687a65b9464bd0ba0ad46f06ce91ab
                                                                                        • Opcode Fuzzy Hash: c71068b5599bc4422a04ed3e3d2fd2af3a3b1fa9da2d8588ea8b9e3804d2055b
                                                                                        • Instruction Fuzzy Hash: 9C31BEB1904701AFD310DF66D888B27BBE8FB48764F004A2DF85583A80EB70E940CF92

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 788 2c42b95-2c42baf 789 2c42bc7-2c42bcb 788->789 790 2c42bb1-2c42bb9 call 2c4fb10 788->790 791 2c42bcd-2c42bd0 789->791 792 2c42bdf 789->792 797 2c42bbf-2c42bc2 790->797 791->792 794 2c42bd2-2c42bdd call 2c4fb10 791->794 795 2c42be2-2c42c11 WSASetLastError WSARecv call 2c494fe 792->795 794->797 802 2c42c16-2c42c1d 795->802 800 2c42d30 797->800 803 2c42d32-2c42d38 800->803 804 2c42c2c-2c42c32 802->804 805 2c42c1f-2c42c2a call 2c4fb10 802->805 807 2c42c34-2c42c39 call 2c4fb10 804->807 808 2c42c46-2c42c48 804->808 816 2c42c3f-2c42c42 805->816 807->816 809 2c42c4f-2c42c60 call 2c4fb10 808->809 810 2c42c4a-2c42c4d 808->810 809->803 814 2c42c66-2c42c69 809->814 810->814 818 2c42c73-2c42c76 814->818 819 2c42c6b-2c42c6d 814->819 816->808 818->800 821 2c42c7c-2c42c9a call 2c4fb10 call 2c4166f 818->821 819->818 820 2c42d22-2c42d2d call 2c41996 819->820 820->800 828 2c42cbc-2c42cfa WSASetLastError select call 2c494fe 821->828 829 2c42c9c-2c42cba call 2c4fb10 call 2c4166f 821->829 835 2c42cfc-2c42d06 call 2c4fb10 828->835 836 2c42d08 828->836 829->800 829->828 843 2c42d19-2c42d1d 835->843 839 2c42d15-2c42d17 836->839 840 2c42d0a-2c42d12 call 2c4fb10 836->840 839->800 839->843 840->839 843->795
                                                                                        APIs
                                                                                        • WSASetLastError.WS2_32(00000000), ref: 02C42BE4
                                                                                        • WSARecv.WS2_32(?,?,?,?,?,00000000,00000000), ref: 02C42C07
                                                                                          • Part of subcall function 02C494FE: WSAGetLastError.WS2_32(00000000,?,?,02C42A51), ref: 02C4950C
                                                                                        • WSASetLastError.WS2_32 ref: 02C42CD3
                                                                                        • select.WS2_32(?,?,00000000,00000000,00000000), ref: 02C42CE7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$Recvselect
                                                                                        • String ID: 3'
                                                                                        • API String ID: 886190287-280543908
                                                                                        • Opcode ID: 24e44b9b455a90d1fe5dc5fdbcaebbd9a2863d149360452372e27defad936ddf
                                                                                        • Instruction ID: e005c114d209bee5159963d6bbf18745dc7db29d1f98c0ad7136e6886a742006
                                                                                        • Opcode Fuzzy Hash: 24e44b9b455a90d1fe5dc5fdbcaebbd9a2863d149360452372e27defad936ddf
                                                                                        • Instruction Fuzzy Hash: 7A4168B1A087018FD7109F75C95576BBBE9AF853A4F104D1EF89987280EFB0D640CBA2

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 896 2c41ba7-2c41bcf call 2c62a00 RtlEnterCriticalSection 899 2c41bd1 896->899 900 2c41be9-2c41bf7 RtlLeaveCriticalSection call 2c4d325 896->900 901 2c41bd4-2c41be0 call 2c41b79 899->901 903 2c41bfa-2c41c20 RtlEnterCriticalSection 900->903 906 2c41c55-2c41c6e RtlLeaveCriticalSection 901->906 907 2c41be2-2c41be7 901->907 905 2c41c34-2c41c36 903->905 908 2c41c22-2c41c2f call 2c41b79 905->908 909 2c41c38-2c41c43 905->909 907->900 907->901 911 2c41c45-2c41c4b 908->911 914 2c41c31 908->914 909->911 911->906 913 2c41c4d-2c41c51 911->913 913->906 914->905
                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 02C41BAC
                                                                                        • RtlEnterCriticalSection.NTDLL ref: 02C41BBC
                                                                                        • RtlLeaveCriticalSection.NTDLL ref: 02C41BEA
                                                                                        • RtlEnterCriticalSection.NTDLL ref: 02C41C13
                                                                                        • RtlLeaveCriticalSection.NTDLL ref: 02C41C56
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$EnterLeave$H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 1633115879-0
                                                                                        • Opcode ID: 577dc1a3f8499e10598dc7a431c18cfce1638da6b883dd2299c20e819a94b6ea
                                                                                        • Instruction ID: 15cc5265c3507800cbadd526ca53ab590c27e93fa09b5bda7386fdec3650d768
                                                                                        • Opcode Fuzzy Hash: 577dc1a3f8499e10598dc7a431c18cfce1638da6b883dd2299c20e819a94b6ea
                                                                                        • Instruction Fuzzy Hash: CE21A0B5900604DFDB14CF69C84879BBBB5FF88714F248549E85997301DBB1EA45CBD0

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 916 2c46b8a-2c46b93 917 2c46b95-2c46ba5 916->917 918 2c46bd0-2c46bdb 916->918 919 2c46b86 917->919 920 2c46ba7-2c46bb1 917->920 921 2c46bdd-2c46be4 918->921 922 2c46bb9 918->922 927 2c46b87 919->927 920->922 925 2c46be6-2c46bf4 921->925 926 2c46bc2-2c46bc9 921->926 923 2c46b88-2c46b89 922->923 924 2c46bbb 922->924 923->916 928 2c46b42-2c46b51 924->928 929 2c46bbd-2c46bc0 924->929 930 2c46bce 925->930 931 2c46bf6 925->931 926->930 927->923 932 2c46b5d 928->932 933 2c46b58 call 2c47ff8 928->933 929->926 930->918 931->927 934 2c46bf8 931->934 935 2c460e1-2c460e3 932->935 933->932 936 2c460e5-2c460ea 935->936 937 2c460ec-2c460ee 935->937 938 2c460f5 Sleep 936->938 939 2c460f0 937->939 940 2c460fb-2c46439 RtlEnterCriticalSection RtlLeaveCriticalSection 937->940 938->940 939->938 943 2c46455-2c4645f 940->943 944 2c4643b-2c46441 940->944 943->935 947 2c46465-2c46489 call 2c53750 call 2c4439c 943->947 945 2c46447-2c46454 call 2c4534d 944->945 946 2c46443-2c46445 944->946 945->943 946->943 947->935 954 2c4648f-2c464ba RtlEnterCriticalSection RtlLeaveCriticalSection call 2c5133c 947->954 957 2c46504-2c4651c call 2c5133c 954->957 958 2c464bc-2c464cb call 2c5133c 954->958 963 2c46522-2c46524 957->963 964 2c467c3-2c467d2 call 2c5133c 957->964 958->957 965 2c464cd-2c464dc call 2c5133c 958->965 963->964 966 2c4652a-2c465d5 call 2c51fac RtlEnterCriticalSection RtlLeaveCriticalSection call 2c53750 * 5 call 2c4439c * 2 963->966 973 2c467d4-2c467d6 964->973 974 2c46817-2c46826 call 2c5133c 964->974 965->957 975 2c464de-2c464ed call 2c5133c 965->975 1017 2c465d7-2c465d9 966->1017 1018 2c46612 966->1018 973->974 977 2c467d8-2c46812 call 2c53750 RtlEnterCriticalSection RtlLeaveCriticalSection 973->977 987 2c46828-2c46836 call 2c45c02 call 2c45d10 974->987 988 2c4683b-2c4684a call 2c5133c 974->988 975->957 986 2c464ef-2c464fe call 2c5133c 975->986 977->935 986->935 986->957 987->935 988->935 998 2c46850-2c46852 988->998 998->935 1001 2c46858-2c46871 call 2c4439c 998->1001 1001->935 1007 2c46877-2c46946 call 2c51418 call 2c41ba7 1001->1007 1019 2c4694d-2c4696e RtlEnterCriticalSection 1007->1019 1020 2c46948 call 2c4143f 1007->1020 1017->1018 1024 2c465db-2c465ed call 2c5133c 1017->1024 1025 2c46616-2c46644 call 2c51fac call 2c53750 call 2c4439c 1018->1025 1022 2c46970-2c46977 1019->1022 1023 2c4697a-2c469e1 RtlLeaveCriticalSection call 2c43c67 call 2c43d7e call 2c47330 1019->1023 1020->1019 1022->1023 1045 2c469e7-2c46a29 call 2c4971a 1023->1045 1046 2c46b49-2c46b58 call 2c47ff8 1023->1046 1024->1018 1033 2c465ef-2c46610 call 2c4439c 1024->1033 1043 2c46685-2c4668e call 2c51f74 1025->1043 1044 2c46646-2c46655 call 2c525e6 1025->1044 1033->1025 1054 2c46694-2c466ac call 2c527b5 1043->1054 1055 2c467b1-2c467be 1043->1055 1044->1043 1056 2c46657 1044->1056 1057 2c46b13-2c46b44 call 2c473df call 2c433b2 1045->1057 1058 2c46a2f-2c46a36 1045->1058 1046->932 1068 2c466ae-2c466b6 call 2c4872c 1054->1068 1069 2c466b8 1054->1069 1055->935 1060 2c4665c-2c4666e call 2c51850 1056->1060 1057->1046 1062 2c46a39-2c46a3e 1058->1062 1075 2c46670 1060->1075 1076 2c46673-2c46683 call 2c525e6 1060->1076 1062->1062 1066 2c46a40-2c46a85 call 2c4971a 1062->1066 1066->1057 1077 2c46a8b-2c46a91 1066->1077 1072 2c466ba-2c4675e call 2c49844 call 2c43863 call 2c45119 call 2c43863 call 2c49aea call 2c49c04 1068->1072 1069->1072 1100 2c46765-2c46790 Sleep call 2c508f0 1072->1100 1101 2c46760 call 2c4380b 1072->1101 1075->1076 1076->1043 1076->1060 1081 2c46a94-2c46a99 1077->1081 1081->1081 1084 2c46a9b-2c46ad6 call 2c4971a 1081->1084 1084->1057 1090 2c46ad8-2c46b12 call 2c4c10c 1084->1090 1090->1057 1105 2c46792-2c4679b call 2c44100 1100->1105 1106 2c4679c-2c467aa 1100->1106 1101->1100 1105->1106 1106->1055 1108 2c467ac call 2c4380b 1106->1108 1108->1055
                                                                                        Strings
                                                                                        • Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US), xrefs: 02C4611A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                                        • API String ID: 0-1923541051
                                                                                        • Opcode ID: e4dbc18cdc9391a8e32210588414aef8138052261108d335f4d1c11ca3a2423d
                                                                                        • Instruction ID: a4a7ce1ac916bd8057ddbbf14cd4a445bf24114929484ecf71abaf823d6c4315
                                                                                        • Opcode Fuzzy Hash: e4dbc18cdc9391a8e32210588414aef8138052261108d335f4d1c11ca3a2423d
                                                                                        • Instruction Fuzzy Hash: 2F21487124E7C08FD312CB30884479B7FA4AF87254B6809AED5C58B187DE52940EC3D2

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetVersion.KERNEL32 ref: 00403336
                                                                                          • Part of subcall function 00404454: HeapCreate.KERNEL32(00000000,00001000,00000000,0040336F,00000000), ref: 00404465
                                                                                          • Part of subcall function 00404454: HeapDestroy.KERNEL32 ref: 004044A4
                                                                                        • GetCommandLineA.KERNEL32 ref: 00403384
                                                                                        • GetStartupInfoA.KERNEL32(?), ref: 004033AF
                                                                                        • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004033D2
                                                                                          • Part of subcall function 0040342B: ExitProcess.KERNEL32 ref: 00403448
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                                                        • String ID:
                                                                                        • API String ID: 2057626494-0
                                                                                        • Opcode ID: b08ae2b8b777e4e577008e5565d37e94f80acee913e276c938b9cc00b58d7c54
                                                                                        • Instruction ID: a936b3102d24e78b19d7c169988c3063d29dd1dd2c17feae02d4b7387c8d63d1
                                                                                        • Opcode Fuzzy Hash: b08ae2b8b777e4e577008e5565d37e94f80acee913e276c938b9cc00b58d7c54
                                                                                        • Instruction Fuzzy Hash: 172183B1900615AED704AFB5DE45A6E7F68EF44705F10413EF901B72D2DB385900CB58
                                                                                        APIs
                                                                                        • WSASetLastError.WS2_32(00000000), ref: 02C42EEE
                                                                                        • WSASocketA.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02C42EFD
                                                                                        • WSAGetLastError.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02C42F0C
                                                                                        • setsockopt.WS2_32(00000000,00000029,0000001B,00000000,00000004), ref: 02C42F36
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$Socketsetsockopt
                                                                                        • String ID:
                                                                                        • API String ID: 2093263913-0
                                                                                        • Opcode ID: 736aa8e7a7dc8d444756375d0c5e8f3ec9e4e82ed5df0f700e9497447003daa3
                                                                                        • Instruction ID: 97f6d813d7dec7bc5dec0caa8f77ab5a971e8115ca633640f8096efe1aa7756a
                                                                                        • Opcode Fuzzy Hash: 736aa8e7a7dc8d444756375d0c5e8f3ec9e4e82ed5df0f700e9497447003daa3
                                                                                        • Instruction Fuzzy Hash: 0501AC71A00214BBDB209F66DC4CF5B7BADDF867B1F508A69F918CB141DB718900CBA0
                                                                                        APIs
                                                                                          • Part of subcall function 02C42D39: WSASetLastError.WS2_32(00000000), ref: 02C42D47
                                                                                          • Part of subcall function 02C42D39: WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02C42D5C
                                                                                        • WSASetLastError.WS2_32(00000000), ref: 02C42E6D
                                                                                        • select.WS2_32(?,00000000,00000001,00000000,00000000), ref: 02C42E83
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$Sendselect
                                                                                        • String ID: 3'
                                                                                        • API String ID: 2958345159-280543908
                                                                                        • Opcode ID: d586b15d5691dd2c3250ddd822c84e78ea50a2136eb38b7e36d125d569db528c
                                                                                        • Instruction ID: 220e64e95fd7a3f682acf04b1938d5c2192a7ef14ebd5256e1ff399c6e9d793a
                                                                                        • Opcode Fuzzy Hash: d586b15d5691dd2c3250ddd822c84e78ea50a2136eb38b7e36d125d569db528c
                                                                                        • Instruction Fuzzy Hash: 6831E0B0E102159FDB10DFA0C8167EFBBAAEF45394F00455AEC0497280EF709681DFA1
                                                                                        APIs
                                                                                        • WSASetLastError.WS2_32(00000000), ref: 02C42AEA
                                                                                        • connect.WS2_32(?,?,?), ref: 02C42AF5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLastconnect
                                                                                        • String ID: 3'
                                                                                        • API String ID: 374722065-280543908
                                                                                        • Opcode ID: 3a9347ea0e4c7f6c68c8ac166e3e320bde287e980323ba18e2ec5b1d67916c09
                                                                                        • Instruction ID: 095c076f37413d52e38614ed1e2c433970c3798487bb7afbae524e0ec348eddf
                                                                                        • Opcode Fuzzy Hash: 3a9347ea0e4c7f6c68c8ac166e3e320bde287e980323ba18e2ec5b1d67916c09
                                                                                        • Instruction Fuzzy Hash: B221C670E00214ABDF10EFB4D5146AFBBBAEF85364F50859DEC1993280EFB45A019F92
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: H_prolog
                                                                                        • String ID:
                                                                                        • API String ID: 3519838083-0
                                                                                        • Opcode ID: 45345c9b0272fdd35e994b82fa12e2473dca25bcd6d9c351ba1de6e4c7337d66
                                                                                        • Instruction ID: b99b58d0f695ba52721b26b546995d60b1b9b52f5c5816840ff4f95ca8cb3fa4
                                                                                        • Opcode Fuzzy Hash: 45345c9b0272fdd35e994b82fa12e2473dca25bcd6d9c351ba1de6e4c7337d66
                                                                                        • Instruction Fuzzy Hash: B9516DB1905256DFCB08DF68D5546AABBB1FF48320F20815EE8299B380DB70DA10CFA1
                                                                                        APIs
                                                                                        • InterlockedIncrement.KERNEL32(?), ref: 02C436A7
                                                                                          • Part of subcall function 02C42420: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02C42432
                                                                                          • Part of subcall function 02C42420: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02C42445
                                                                                          • Part of subcall function 02C42420: RtlEnterCriticalSection.NTDLL(?), ref: 02C42454
                                                                                          • Part of subcall function 02C42420: InterlockedExchange.KERNEL32(?,00000001), ref: 02C42469
                                                                                          • Part of subcall function 02C42420: RtlLeaveCriticalSection.NTDLL(?), ref: 02C42470
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Interlocked$CriticalExchangeSection$CompareCompletionEnterIncrementLeavePostQueuedStatus
                                                                                        • String ID:
                                                                                        • API String ID: 1601054111-0
                                                                                        • Opcode ID: b0e961c8bdc1d10e3efe239db13a6ec249b37ea7214abecca8f0bd87bee51f61
                                                                                        • Instruction ID: 2f173c1c3d6eb78f930be863be3883e19297dc2fc6b12215717a6a14e7ebf73c
                                                                                        • Opcode Fuzzy Hash: b0e961c8bdc1d10e3efe239db13a6ec249b37ea7214abecca8f0bd87bee51f61
                                                                                        • Instruction Fuzzy Hash: AE11C1B5100249ABDF218F14CD85FAB3BA9EB84354F204556FE92CB290CF74D960CB94
                                                                                        APIs
                                                                                        • __beginthreadex.LIBCMT ref: 02C51106
                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,00000002,02C4997E,00000000), ref: 02C51137
                                                                                        • ResumeThread.KERNEL32(?,?,?,?,?,00000002,02C4997E,00000000), ref: 02C51145
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseHandleResumeThread__beginthreadex
                                                                                        • String ID:
                                                                                        • API String ID: 1685284544-0
                                                                                        • Opcode ID: 3e7347ef6f8f3b1278e9db0cfee68f8caa343f81ab59ca5cb951f2620d550667
                                                                                        • Instruction ID: 729d0f7ea3efd49e8631b50a62df967bc8edb0f8a1223c9a435ea468b2e34db5
                                                                                        • Opcode Fuzzy Hash: 3e7347ef6f8f3b1278e9db0cfee68f8caa343f81ab59ca5cb951f2620d550667
                                                                                        • Instruction Fuzzy Hash: AFF0C8702402105BD7209E59DC84F9673E8AF88364F28056AF958C7280C3B1E8929AD4
                                                                                        APIs
                                                                                        • GetCommandLineW.KERNEL32 ref: 004027ED
                                                                                        • CommandLineToArgvW.SHELL32(00000000), ref: 004027F4
                                                                                        • GetLocalTime.KERNEL32(0040C2F8), ref: 0040D075
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: CommandLine$ArgvLocalTime
                                                                                        • String ID:
                                                                                        • API String ID: 3768950922-0
                                                                                        • Opcode ID: 035321ded0275dbdbf517f29037c3f697d1548f0c8c80e996bdf42ee7b3456d6
                                                                                        • Instruction ID: 91ef10c5929d03a7fc5d1c367ffd0594174cee04b3ea4e9aceab3d1ee68c349e
                                                                                        • Opcode Fuzzy Hash: 035321ded0275dbdbf517f29037c3f697d1548f0c8c80e996bdf42ee7b3456d6
                                                                                        • Instruction Fuzzy Hash: 04F0FF71D05111CBC3009BB4BF299EA7BA4AB46710700067BE5CAF60E2C7B84C4ADB1A
                                                                                        APIs
                                                                                        • InterlockedIncrement.KERNEL32(02C7529C), ref: 02C41ABA
                                                                                        • WSAStartup.WS2_32(00000002,00000000), ref: 02C41ACB
                                                                                        • InterlockedExchange.KERNEL32(02C752A0,00000000), ref: 02C41AD7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: Interlocked$ExchangeIncrementStartup
                                                                                        • String ID:
                                                                                        • API String ID: 1856147945-0
                                                                                        • Opcode ID: dc8357908326e28af0f07d78a6660d947bc7d78a037155451c2e3239776dd2cd
                                                                                        • Instruction ID: 4fa1dddb450c75a56860067906085fd714a1cff2c7734289d81efcd40498cc6f
                                                                                        • Opcode Fuzzy Hash: dc8357908326e28af0f07d78a6660d947bc7d78a037155451c2e3239776dd2cd
                                                                                        • Instruction Fuzzy Hash: 79D05E71D842046BE22066A1AD0EB797B6CE705752FE00761FDA9D41C0EB91A52085E6
                                                                                        APIs
                                                                                        • DeleteFileA.KERNEL32(2D396D40), ref: 02CAC21B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C78000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C78000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c78000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: DeleteFile
                                                                                        • String ID: ([wO
                                                                                        • API String ID: 4033686569-2721458860
                                                                                        • Opcode ID: f4f15dbc9dbfdfeeff2d6407ee082574d23fa3484512b7124d145fd0e46dc967
                                                                                        • Instruction ID: 17165293437e264d774732ab107be90a58f603b8ad97454c531a9d268b590e51
                                                                                        • Opcode Fuzzy Hash: f4f15dbc9dbfdfeeff2d6407ee082574d23fa3484512b7124d145fd0e46dc967
                                                                                        • Instruction Fuzzy Hash: 61217FF251C600AFE318AF08E88177EB7E4EF94310F15882EE2C587754EA35A8418B97
                                                                                        APIs
                                                                                        • OpenSCManagerA.ADVAPI32(?,?,00000002), ref: 0040DE0C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: ManagerOpen
                                                                                        • String ID: \
                                                                                        • API String ID: 1889721586-2967466578
                                                                                        • Opcode ID: 6b02c77290a2158b51e68806f74a24035295f5ee907e826eba22e4fcde12c0cc
                                                                                        • Instruction ID: 581ce953e34c98f85b61a1153f7898f5ed81f7c754a919ac331bd9c32609a126
                                                                                        • Opcode Fuzzy Hash: 6b02c77290a2158b51e68806f74a24035295f5ee907e826eba22e4fcde12c0cc
                                                                                        • Instruction Fuzzy Hash: C6014C31E08684AADF4C4BB49F79AF97FB46701710F5040BEC987B32E2D1781909DB29
                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 02C44BF2
                                                                                          • Part of subcall function 02C41BA7: __EH_prolog.LIBCMT ref: 02C41BAC
                                                                                          • Part of subcall function 02C41BA7: RtlEnterCriticalSection.NTDLL ref: 02C41BBC
                                                                                          • Part of subcall function 02C41BA7: RtlLeaveCriticalSection.NTDLL ref: 02C41BEA
                                                                                          • Part of subcall function 02C41BA7: RtlEnterCriticalSection.NTDLL ref: 02C41C13
                                                                                          • Part of subcall function 02C41BA7: RtlLeaveCriticalSection.NTDLL ref: 02C41C56
                                                                                          • Part of subcall function 02C4D0ED: __EH_prolog.LIBCMT ref: 02C4D0F2
                                                                                          • Part of subcall function 02C4D0ED: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02C4D171
                                                                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 02C44CF2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$H_prolog$EnterExchangeInterlockedLeave
                                                                                        • String ID:
                                                                                        • API String ID: 1927618982-0
                                                                                        • Opcode ID: 404c5125561a5aa1f0ac289ca4d33b4a8e5ea2ad501713362c0cc9e7cf3d9866
                                                                                        • Instruction ID: ef8d6ad655cdc3d2c671f07631be92e765a1539382ba9dd5915d02dfc4274fb8
                                                                                        • Opcode Fuzzy Hash: 404c5125561a5aa1f0ac289ca4d33b4a8e5ea2ad501713362c0cc9e7cf3d9866
                                                                                        • Instruction Fuzzy Hash: D9510671D04248DFDB15DFA8C484AEEFBB9EF48314F2481AAE905AB351DB309A44DF91
                                                                                        APIs
                                                                                        • CopyFileA.KERNEL32(?,?), ref: 0040DDA4
                                                                                        • OpenSCManagerA.ADVAPI32(?,?,00000002), ref: 0040DE0C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: CopyFileManagerOpen
                                                                                        • String ID:
                                                                                        • API String ID: 3059512871-0
                                                                                        • Opcode ID: e2209375a2ef0eec67d84e26e10aa896bcf1254743769b49326ebfec2aaecce5
                                                                                        • Instruction ID: 22dde04db30ada70603b4c37316df1ccfd517d85c36d7c48d08271f1b974d6ca
                                                                                        • Opcode Fuzzy Hash: e2209375a2ef0eec67d84e26e10aa896bcf1254743769b49326ebfec2aaecce5
                                                                                        • Instruction Fuzzy Hash: 4E119E32A446406BDB084BB5AF36AE63FA4AB46731B48417DD0C7AB1E3C639944AC749
                                                                                        APIs
                                                                                        • CopyFileA.KERNEL32(?,?), ref: 0040DDA4
                                                                                        • OpenSCManagerA.ADVAPI32(?,?,00000002), ref: 0040DE0C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: CopyFileManagerOpen
                                                                                        • String ID:
                                                                                        • API String ID: 3059512871-0
                                                                                        • Opcode ID: fcadad99aede858d459164219a61d181d9ae7bba2945c9ed8f9046051b623c4e
                                                                                        • Instruction ID: ab1bb31debb9e967fdb0980d350143e076b57345d99e5cc46af80213a1903095
                                                                                        • Opcode Fuzzy Hash: fcadad99aede858d459164219a61d181d9ae7bba2945c9ed8f9046051b623c4e
                                                                                        • Instruction Fuzzy Hash: EA014C61B162902ADB0D0B75AF75AF63F696B06A20748403DE9C3B31E3D239540DC758
                                                                                        APIs
                                                                                        • CopyFileA.KERNEL32(?,?), ref: 0040DDA4
                                                                                        • OpenSCManagerA.ADVAPI32(?,?,00000002), ref: 0040DE0C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: CopyFileManagerOpen
                                                                                        • String ID:
                                                                                        • API String ID: 3059512871-0
                                                                                        • Opcode ID: dcee582eab8bcba7e5a2a6310ba82f49f9a9f2c9900a13f0e8c631b2000bd0d8
                                                                                        • Instruction ID: 2f402ea73b8b7388582147139829f9576b91628ef0adacb3a7f4c5dbc4cf6aac
                                                                                        • Opcode Fuzzy Hash: dcee582eab8bcba7e5a2a6310ba82f49f9a9f2c9900a13f0e8c631b2000bd0d8
                                                                                        • Instruction Fuzzy Hash: FB014C316041145BDB4C4B71AFB9AF93BBC5704B12B40007EE587B31E2D93C594CDB28
                                                                                        APIs
                                                                                        • WSASetLastError.WS2_32(00000000), ref: 02C42D47
                                                                                        • WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02C42D5C
                                                                                          • Part of subcall function 02C494FE: WSAGetLastError.WS2_32(00000000,?,?,02C42A51), ref: 02C4950C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$Send
                                                                                        • String ID:
                                                                                        • API String ID: 1282938840-0
                                                                                        • Opcode ID: 35f54927822cfa2da14de748276399b6cfc8a2074a34ff14f6dee021b6239703
                                                                                        • Instruction ID: c43c0104f850c2c7570ee1deb957f7745b482654b69959739c6c41d6d47cf749
                                                                                        • Opcode Fuzzy Hash: 35f54927822cfa2da14de748276399b6cfc8a2074a34ff14f6dee021b6239703
                                                                                        • Instruction Fuzzy Hash: 460184B5504215AFD7205F95D98496BBBEDEF857E4720092EFC5983200DF709D00DB62
                                                                                        APIs
                                                                                        • CopyFileA.KERNEL32(?,?), ref: 0040DDA4
                                                                                        • OpenSCManagerA.ADVAPI32(?,?,00000002), ref: 0040DE0C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: CopyFileManagerOpen
                                                                                        • String ID:
                                                                                        • API String ID: 3059512871-0
                                                                                        • Opcode ID: 0113cdfbfb25f3afebf08d5b53905e774dd9bb883235dd1e0e1769836c7b60a4
                                                                                        • Instruction ID: d58d49b4ea29d8c8a9330d33764122c4b2cd231153ae156a4abd983e9e2d164a
                                                                                        • Opcode Fuzzy Hash: 0113cdfbfb25f3afebf08d5b53905e774dd9bb883235dd1e0e1769836c7b60a4
                                                                                        • Instruction Fuzzy Hash: 6B01493171665026DB0D0772AF7AAFA3F69A706630B88003DE5C3A31F3D6395408C718
                                                                                        APIs
                                                                                        • WSASetLastError.WS2_32(00000000), ref: 02C473FC
                                                                                        • shutdown.WS2_32(?,00000002), ref: 02C47405
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: ErrorLastshutdown
                                                                                        • String ID:
                                                                                        • API String ID: 1920494066-0
                                                                                        • Opcode ID: 6de671cacefdcf410b89f703907d465eeefc580668c9f537887d5306ca2a67e8
                                                                                        • Instruction ID: 931a0d682d5d8c9c68e3491266489023670db4b9b842f8b02fa3a03bbe123177
                                                                                        • Opcode Fuzzy Hash: 6de671cacefdcf410b89f703907d465eeefc580668c9f537887d5306ca2a67e8
                                                                                        • Instruction Fuzzy Hash: 4BF09031A043108FC7109F14D814B5BBBE5EF493A5F50891DED5597380DB30AD10CF91
                                                                                        APIs
                                                                                        • HeapCreate.KERNEL32(00000000,00001000,00000000,0040336F,00000000), ref: 00404465
                                                                                          • Part of subcall function 0040430C: GetVersionExA.KERNEL32 ref: 0040432B
                                                                                        • HeapDestroy.KERNEL32 ref: 004044A4
                                                                                          • Part of subcall function 0040482B: HeapAlloc.KERNEL32(00000000,00000140,0040448D,000003F8), ref: 00404838
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocCreateDestroyVersion
                                                                                        • String ID:
                                                                                        • API String ID: 2507506473-0
                                                                                        • Opcode ID: 86f647c1e17f9121db62508107f35f7b6bb1c87a2647d7f3c89694d97ca3aca0
                                                                                        • Instruction ID: 6792b556898a49359456169ba0c82f011abfeecbff717d74d0c7f117a7ac5838
                                                                                        • Opcode Fuzzy Hash: 86f647c1e17f9121db62508107f35f7b6bb1c87a2647d7f3c89694d97ca3aca0
                                                                                        • Instruction Fuzzy Hash: 90F065F0A01302DAEB206B70AE4572A3695DBC0755F20483BFA04F51E0EA788884A91D
                                                                                        APIs
                                                                                        • lstrcmpiW.KERNEL32(?,/chk), ref: 0040D4E0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrcmpi
                                                                                        • String ID: /chk
                                                                                        • API String ID: 1586166983-3837807730
                                                                                        • Opcode ID: a10da9197f37afb343f6c771918f49abc0ad40443fd6673d965178b01d59aaa4
                                                                                        • Instruction ID: 96d4d1690fa0cf9a978db3768c059a4f844370bc8a88cc09418b16e2fd1e5a46
                                                                                        • Opcode Fuzzy Hash: a10da9197f37afb343f6c771918f49abc0ad40443fd6673d965178b01d59aaa4
                                                                                        • Instruction Fuzzy Hash: B7B01230300101DEE3001B228F0DE0039916B00700316C0795402B40F2C778C400651D
                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 02C4511E
                                                                                          • Part of subcall function 02C43D7E: htons.WS2_32(?), ref: 02C43DA2
                                                                                          • Part of subcall function 02C43D7E: htonl.WS2_32(00000000), ref: 02C43DB9
                                                                                          • Part of subcall function 02C43D7E: htonl.WS2_32(00000000), ref: 02C43DC0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: htonl$H_prologhtons
                                                                                        • String ID:
                                                                                        • API String ID: 4039807196-0
                                                                                        • Opcode ID: 7e2f2f2ce1ddb4a4b5576e53a932ab4e8f6097f6941f583908bc1dd098cdfe99
                                                                                        • Instruction ID: 23c907b2c502b4d48203beb6ac075e80d48c5ce1f75e9192077d891c9c12e828
                                                                                        • Opcode Fuzzy Hash: 7e2f2f2ce1ddb4a4b5576e53a932ab4e8f6097f6941f583908bc1dd098cdfe99
                                                                                        • Instruction Fuzzy Hash: F18135B1D0424ECFCF05DFA8D080AEEBBB5AF49314F20819AD855B7240EB765A05CFA5
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C78000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C78000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c78000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3934441357-0
                                                                                        • Opcode ID: 7c4275b2da20c7dca6fb2307d05ddf03a6a46a5ddd1a9359fe397984547431cf
                                                                                        • Instruction ID: a038c9ff26a08e4d2352617b410315fe9c41e0a402012b8b30ddef471d65f199
                                                                                        • Opcode Fuzzy Hash: 7c4275b2da20c7dca6fb2307d05ddf03a6a46a5ddd1a9359fe397984547431cf
                                                                                        • Instruction Fuzzy Hash: 8B4173F250C6049FE305BF19EC85BBABBE5EF94720F16492DE6C4C3744EA3554408A97
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(?,?,?,?), ref: 02CC8B10
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C78000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C78000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c78000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: c893f0b1c3f2af01e8f5fe3605b0f3b0392b04032dc2825eed2a70a1686b6c5d
                                                                                        • Instruction ID: 5e854806b1063d3fd2c92653d8c47c97880055a115c959c780f98b35c2ca41e1
                                                                                        • Opcode Fuzzy Hash: c893f0b1c3f2af01e8f5fe3605b0f3b0392b04032dc2825eed2a70a1686b6c5d
                                                                                        • Instruction Fuzzy Hash: 443102F250CA00AFE715BF09E8857AAFBE4EF58714F06492DEAC883350E6315850CB97
                                                                                        APIs
                                                                                        • CreateFileA.KERNEL32(?,?,?,?), ref: 02CC8B10
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C78000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C78000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c78000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: ab7ba6a34fa2599fb3910d5a4134a8e787dbc9c3906078be13cb87bd8db3383f
                                                                                        • Instruction ID: 7b2f31cc274eba72a4c11b4c7f7b7e90b5880337849f199d2c3f0c787fa72bc8
                                                                                        • Opcode Fuzzy Hash: ab7ba6a34fa2599fb3910d5a4134a8e787dbc9c3906078be13cb87bd8db3383f
                                                                                        • Instruction Fuzzy Hash: E62100B150CA009FE315AF19E8C536AFBE4FF98304F46892DEAC987710E6315850CB8B
                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 02C4D9BB
                                                                                          • Part of subcall function 02C41A01: TlsGetValue.KERNEL32 ref: 02C41A0A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: H_prologValue
                                                                                        • String ID:
                                                                                        • API String ID: 3700342317-0
                                                                                        • Opcode ID: d9f95fe6e14d6d7aa585ae2faad62633bc04671e7ea4884c2a6e22f5557b1ab8
                                                                                        • Instruction ID: 6bfe8866407e0532f54d1ca6eecead4b6a72baaed94896ea59e3deec818e3b3d
                                                                                        • Opcode Fuzzy Hash: d9f95fe6e14d6d7aa585ae2faad62633bc04671e7ea4884c2a6e22f5557b1ab8
                                                                                        • Instruction Fuzzy Hash: D52131B2904209AFDB04DFA5D444AFFBBF9FF49314F14415EE905A7240DB71AA01DBA1
                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 02C4D54B
                                                                                          • Part of subcall function 02C426DB: RtlEnterCriticalSection.NTDLL(?), ref: 02C42706
                                                                                          • Part of subcall function 02C426DB: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02C4272B
                                                                                          • Part of subcall function 02C426DB: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02C63163), ref: 02C42738
                                                                                          • Part of subcall function 02C426DB: SetWaitableTimer.KERNEL32(?,?,000493E0,00000000,00000000,00000000), ref: 02C42778
                                                                                          • Part of subcall function 02C426DB: RtlLeaveCriticalSection.NTDLL(?), ref: 02C427D9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                                                        • String ID:
                                                                                        • API String ID: 4293676635-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C78000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C78000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c78000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3934441357-0
                                                                                        APIs
                                                                                        • __EH_prolog.LIBCMT ref: 02C4D32A
                                                                                          • Part of subcall function 02C527B5: _malloc.LIBCMT ref: 02C527CD
                                                                                          • Part of subcall function 02C4D546: __EH_prolog.LIBCMT ref: 02C4D54B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: H_prolog$_malloc
                                                                                        • String ID:
                                                                                        • API String ID: 4254904621-0
                                                                                        APIs
                                                                                          • Part of subcall function 02C548BA: __getptd_noexit.LIBCMT ref: 02C548BB
                                                                                          • Part of subcall function 02C548BA: __amsg_exit.LIBCMT ref: 02C548C8
                                                                                          • Part of subcall function 02C52493: __getptd_noexit.LIBCMT ref: 02C52497
                                                                                          • Part of subcall function 02C52493: __freeptd.LIBCMT ref: 02C524B1
                                                                                          • Part of subcall function 02C52493: RtlExitUserThread.NTDLL(?,00000000,?,02C52473,00000000), ref: 02C524BA
                                                                                        • __XcptFilter.LIBCMT ref: 02C5247F
                                                                                          • Part of subcall function 02C57944: __getptd_noexit.LIBCMT ref: 02C57948
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: __getptd_noexit$ExitFilterThreadUserXcpt__amsg_exit__freeptd
                                                                                        • String ID:
                                                                                        • API String ID: 1405322794-0
                                                                                        APIs
                                                                                        • LoadLibraryExA.KERNEL32(?), ref: 0040D05B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateDirectory
                                                                                        • String ID:
                                                                                        • API String ID: 4241100979-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateDirectory
                                                                                        • String ID:
                                                                                        • API String ID: 4241100979-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: CopyFile
                                                                                        • String ID:
                                                                                        • API String ID: 1304948518-0
                                                                                        APIs
                                                                                        • RegOpenKeyExA.KERNEL32(80000002), ref: 0040D906
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: Open
                                                                                        • String ID:
                                                                                        • API String ID: 71445658-0
                                                                                        APIs
                                                                                        • SHGetSpecialFolderPathA.SHELL32 ref: 02C7CFA2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C78000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C78000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c78000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: FolderPathSpecial
                                                                                        • String ID:
                                                                                        • API String ID: 994120019-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: Close
                                                                                        • String ID:
                                                                                        • API String ID: 3535843008-0
                                                                                        APIs
                                                                                          • Part of subcall function 02C50610: OpenEventA.KERNEL32(00100002,00000000,00000000,0678FBD6), ref: 02C506B0
                                                                                          • Part of subcall function 02C50610: CloseHandle.KERNEL32(00000000), ref: 02C506C5
                                                                                          • Part of subcall function 02C50610: ResetEvent.KERNEL32(00000000,0678FBD6), ref: 02C506CF
                                                                                          • Part of subcall function 02C50610: CloseHandle.KERNEL32(00000000,0678FBD6), ref: 02C50704
                                                                                        • TlsSetValue.KERNEL32(00000029,?), ref: 02C511AA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3319609695.0000000002C41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C41000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_2c41000_videominimizer32.jbxd
                                                                                        Yara matches
                                                                                        Similarity
                                                                                        • API ID: CloseEventHandle$OpenResetValue
                                                                                        • String ID:
                                                                                        • API String ID: 1556185888-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID:
                                                                                        • API String ID: 3472027048-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID:
                                                                                        • API String ID: 3472027048-0
                                                                                        • Opcode ID: ddb15782975b23f808471c48354789a71801e7d60cafee4be1fd3b0639555ceb
                                                                                        • Instruction ID: 7451fc23355ae4c8422d0198c49f52f36d1480164026e5fc5377625752783b05
                                                                                        • Opcode Fuzzy Hash: ddb15782975b23f808471c48354789a71801e7d60cafee4be1fd3b0639555ceb
                                                                                        • Instruction Fuzzy Hash: 5DD0A930600A40ABE2429B90EE08B7836986B04300F100232B215E00D0CAB9970AABAA
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNEL32(00000000,?), ref: 0040D6A6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: fbf560bc4ad01f7689ab9ac8627d9c70b0ee5e612fec280c0ee3b640093da5eb
                                                                                        • Instruction ID: e037e9899688e148de334fa140894bf3d641d6a497c30b6599ee09faaa31587d
                                                                                        • Opcode Fuzzy Hash: fbf560bc4ad01f7689ab9ac8627d9c70b0ee5e612fec280c0ee3b640093da5eb
                                                                                        • Instruction Fuzzy Hash: 37C01231009601EFC7460B608E086107B717B05309F150462E546755D1867A2429F65A
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3317011240.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3317011240.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID:
                                                                                        • API String ID: 3472027048-0
                                                                                        • Opcode ID: 2eb53a3946c8e16d469a3b8a7150f91c92ce03251b3f6f96eab0a1d568bff1f3
                                                                                        • Instruction ID: 4eb371bc7b3e6cd752328c08ca5079fb2affd6f3786a1064330129c3d931aee1
                                                                                        • Opcode Fuzzy Hash: 2eb53a3946c8e16d469a3b8a7150f91c92ce03251b3f6f96eab0a1d568bff1f3
                                                                                        • Instruction Fuzzy Hash: F6C04C35948605DAD10017E46F49B643631B748705F305137BB06344E28E7D044A6B5F
                                                                                        APIs
                                                                                        • sqlite3_malloc.SQLITE3 ref: 609674C6
                                                                                          • Part of subcall function 60916FBA: sqlite3_initialize.SQLITE3(60912743,?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5), ref: 60916FC4
                                                                                          • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                          • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                          • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                        • sqlite3_step.SQLITE3 ref: 6096755A
                                                                                        • sqlite3_malloc.SQLITE3 ref: 6096783A
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 609678A8
                                                                                        • sqlite3_column_bytes.SQLITE3 ref: 609678E8
                                                                                        • sqlite3_column_blob.SQLITE3 ref: 60967901
                                                                                        • sqlite3_column_int64.SQLITE3 ref: 6096791A
                                                                                        • sqlite3_column_int64.SQLITE3 ref: 60967931
                                                                                        • sqlite3_column_int64.SQLITE3 ref: 60967950
                                                                                        • sqlite3_step.SQLITE3 ref: 609679C3
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 60967AA9
                                                                                        • sqlite3_step.SQLITE3 ref: 60967AB4
                                                                                        • sqlite3_column_int.SQLITE3 ref: 60967AC7
                                                                                        • sqlite3_reset.SQLITE3 ref: 60967AD4
                                                                                        • sqlite3_bind_int.SQLITE3 ref: 60967B89
                                                                                        • sqlite3_step.SQLITE3 ref: 60967B94
                                                                                        • sqlite3_column_int64.SQLITE3 ref: 60967BB0
                                                                                        • sqlite3_column_int64.SQLITE3 ref: 60967BCF
                                                                                        • sqlite3_column_int64.SQLITE3 ref: 60967BE6
                                                                                        • sqlite3_column_bytes.SQLITE3 ref: 60967C05
                                                                                        • sqlite3_column_blob.SQLITE3 ref: 60967C1E
                                                                                          • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED50
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 60967C72
                                                                                        • sqlite3_step.SQLITE3 ref: 60967C7D
                                                                                        • memcmp.MSVCRT ref: 60967D4C
                                                                                        • sqlite3_free.SQLITE3 ref: 60967D69
                                                                                        • sqlite3_free.SQLITE3 ref: 60967D74
                                                                                        • sqlite3_free.SQLITE3 ref: 60967FF7
                                                                                        • sqlite3_free.SQLITE3 ref: 60968002
                                                                                          • Part of subcall function 609634F0: sqlite3_blob_reopen.SQLITE3 ref: 60963510
                                                                                          • Part of subcall function 609634F0: sqlite3_blob_bytes.SQLITE3 ref: 609635A3
                                                                                          • Part of subcall function 609634F0: sqlite3_malloc.SQLITE3 ref: 609635BB
                                                                                          • Part of subcall function 609634F0: sqlite3_blob_read.SQLITE3 ref: 60963602
                                                                                          • Part of subcall function 609634F0: sqlite3_free.SQLITE3 ref: 60963621
                                                                                        • sqlite3_reset.SQLITE3 ref: 60967C93
                                                                                          • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
                                                                                          • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
                                                                                        • sqlite3_reset.SQLITE3 ref: 60967CA7
                                                                                        • sqlite3_reset.SQLITE3 ref: 60968035
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 60967B72
                                                                                          • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 6096809D
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 609680C6
                                                                                        • sqlite3_step.SQLITE3 ref: 609680D1
                                                                                        • sqlite3_column_int.SQLITE3 ref: 609680F3
                                                                                        • sqlite3_reset.SQLITE3 ref: 60968104
                                                                                        • sqlite3_step.SQLITE3 ref: 60968139
                                                                                        • sqlite3_column_int64.SQLITE3 ref: 60968151
                                                                                        • sqlite3_reset.SQLITE3 ref: 6096818A
                                                                                          • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED2B
                                                                                          • Part of subcall function 6095ECA6: sqlite3_bind_value.SQLITE3 ref: 6095EDDF
                                                                                        • sqlite3_reset.SQLITE3 ref: 609679E9
                                                                                          • Part of subcall function 609160CD: sqlite3_realloc.SQLITE3 ref: 609160EF
                                                                                        • sqlite3_column_bytes.SQLITE3 ref: 60967587
                                                                                          • Part of subcall function 6091D5DC: sqlite3_value_bytes.SQLITE3 ref: 6091D5F4
                                                                                        • sqlite3_column_blob.SQLITE3 ref: 60967572
                                                                                          • Part of subcall function 6091D57E: sqlite3_value_blob.SQLITE3 ref: 6091D596
                                                                                        • sqlite3_reset.SQLITE3 ref: 609675B7
                                                                                        • sqlite3_bind_int.SQLITE3 ref: 60967641
                                                                                        • sqlite3_step.SQLITE3 ref: 6096764C
                                                                                        • sqlite3_column_int64.SQLITE3 ref: 6096766E
                                                                                        • sqlite3_reset.SQLITE3 ref: 6096768B
                                                                                        • sqlite3_bind_int.SQLITE3 ref: 6096754F
                                                                                          • Part of subcall function 609256E5: sqlite3_bind_int64.SQLITE3 ref: 60925704
                                                                                        • sqlite3_bind_int.SQLITE3 ref: 609690B2
                                                                                        • sqlite3_bind_blob.SQLITE3 ref: 609690DB
                                                                                        • sqlite3_step.SQLITE3 ref: 609690E6
                                                                                        • sqlite3_reset.SQLITE3 ref: 609690F1
                                                                                        • sqlite3_free.SQLITE3 ref: 60969102
                                                                                        • sqlite3_free.SQLITE3 ref: 6096910D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_reset$sqlite3_step$sqlite3_column_int64sqlite3_free$sqlite3_bind_int64$sqlite3_bind_int$sqlite3_column_blobsqlite3_column_bytessqlite3_mallocsqlite3_mprintf$sqlite3_column_intsqlite3_mutex_leave$memcmpsqlite3_bind_blobsqlite3_bind_valuesqlite3_blob_bytessqlite3_blob_readsqlite3_blob_reopensqlite3_initializesqlite3_mutex_entersqlite3_prepare_v2sqlite3_reallocsqlite3_value_blobsqlite3_value_bytes
                                                                                        • String ID: $d
                                                                                        • API String ID: 2451604321-2084297493
                                                                                        • Opcode ID: 8a4e51d2763d1baa8146902d495da2ef892242416c9706ebfa3093aedc646825
                                                                                        • Instruction ID: 6b7ea73e19bc996eb6a422b8fcf26663d3cb25e4dd91ceba81a4d6a678ae72ab
                                                                                        • Opcode Fuzzy Hash: 8a4e51d2763d1baa8146902d495da2ef892242416c9706ebfa3093aedc646825
                                                                                        • Instruction Fuzzy Hash: 2CF2CF74A152288FDB54CF68C980B9EBBF2BF69304F1185A9E888A7341D774ED85CF41
                                                                                        APIs
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6096A64C
                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6096A656
                                                                                        • sqlite3_strnicmp.SQLITE3 ref: 6096A682
                                                                                        • sqlite3_strnicmp.SQLITE3 ref: 6096A6BC
                                                                                        • sqlite3_mprintf.SQLITE3 ref: 6096A6F9
                                                                                        • sqlite3_malloc.SQLITE3 ref: 6096A754
                                                                                        • sqlite3_step.SQLITE3 ref: 6096A969
                                                                                        • sqlite3_free.SQLITE3 ref: 6096A9AC
                                                                                        • sqlite3_finalize.SQLITE3 ref: 6096A9BB
                                                                                        • sqlite3_strnicmp.SQLITE3 ref: 6096B04A
                                                                                          • Part of subcall function 6096A38C: sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                                          • Part of subcall function 6096A38C: sqlite3_step.SQLITE3 ref: 6096A435
                                                                                          • Part of subcall function 6096A38C: sqlite3_reset.SQLITE3 ref: 6096A445
                                                                                        • sqlite3_value_int.SQLITE3 ref: 6096B241
                                                                                        • sqlite3_malloc.SQLITE3 ref: 6096B270
                                                                                        • sqlite3_bind_null.SQLITE3 ref: 6096B2DF
                                                                                        • sqlite3_step.SQLITE3 ref: 6096B2EA
                                                                                        • sqlite3_reset.SQLITE3 ref: 6096B2F5
                                                                                        • sqlite3_value_int.SQLITE3 ref: 6096B43B
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6096B530
                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6096B576
                                                                                        • sqlite3_free.SQLITE3 ref: 6096B5F4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_stepsqlite3_strnicmp$sqlite3_freesqlite3_mallocsqlite3_resetsqlite3_value_bytessqlite3_value_intsqlite3_value_text$sqlite3_bind_intsqlite3_bind_nullsqlite3_finalizesqlite3_mprintf
                                                                                        • String ID: optimize
                                                                                        • API String ID: 1540667495-3797040228
                                                                                        • Opcode ID: ab382b16e3f59fac809a38361d516dac1e6c4c02a096abfb60effccae4f38c9b
                                                                                        • Instruction ID: 15d53f9c7948a495e2c6926a79545eea34293df74e7a3e63ea56b3727437b729
                                                                                        • Opcode Fuzzy Hash: ab382b16e3f59fac809a38361d516dac1e6c4c02a096abfb60effccae4f38c9b
                                                                                        • Instruction Fuzzy Hash: 54B2F670A142198FEB14DF68C890B9DBBF6BF68304F1085A9E889AB351E774DD85CF41
                                                                                        APIs
                                                                                        • sqlite3_finalize.SQLITE3 ref: 60966178
                                                                                        • sqlite3_free.SQLITE3 ref: 60966183
                                                                                        • sqlite3_value_numeric_type.SQLITE3 ref: 609661AE
                                                                                        • sqlite3_value_numeric_type.SQLITE3 ref: 609661DE
                                                                                        • sqlite3_value_text.SQLITE3 ref: 60966236
                                                                                        • sqlite3_value_int.SQLITE3 ref: 60966274
                                                                                        • memcmp.MSVCRT ref: 6096639E
                                                                                          • Part of subcall function 60940A5B: sqlite3_malloc.SQLITE3 ref: 60940AA1
                                                                                          • Part of subcall function 60940A5B: sqlite3_free.SQLITE3 ref: 60940C1D
                                                                                        • sqlite3_mprintf.SQLITE3 ref: 60966B51
                                                                                        • sqlite3_mprintf.SQLITE3 ref: 60966B7D
                                                                                          • Part of subcall function 609296AA: sqlite3_initialize.SQLITE3 ref: 609296B0
                                                                                          • Part of subcall function 609296AA: sqlite3_vmprintf.SQLITE3 ref: 609296CA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_freesqlite3_mprintfsqlite3_value_numeric_type$memcmpsqlite3_finalizesqlite3_initializesqlite3_mallocsqlite3_value_intsqlite3_value_textsqlite3_vmprintf
                                                                                        • String ID: ASC$DESC$x
                                                                                        • API String ID: 4082667235-1162196452
                                                                                        • Opcode ID: 7264e4280a4ba67b830c3238f8418230a53be4a89f04bb086879d88682624c0f
                                                                                        • Instruction ID: 01f4316cc9c65235d83944c747b96ccca9397e1276bdc6c450b31a73d7ca280a
                                                                                        • Opcode Fuzzy Hash: 7264e4280a4ba67b830c3238f8418230a53be4a89f04bb086879d88682624c0f
                                                                                        • Instruction Fuzzy Hash: AD921274A14319CFEB10CFA9C99079DBBB6BF69304F20816AD858AB342D774E985CF41
                                                                                        APIs
                                                                                        • sqlite3_bind_int64.SQLITE3(?,?), ref: 609693A5
                                                                                        • sqlite3_step.SQLITE3(?,?), ref: 609693B0
                                                                                        • sqlite3_column_int64.SQLITE3(?,?), ref: 609693DC
                                                                                          • Part of subcall function 6096A2BD: sqlite3_bind_int64.SQLITE3 ref: 6096A322
                                                                                          • Part of subcall function 6096A2BD: sqlite3_step.SQLITE3 ref: 6096A32D
                                                                                          • Part of subcall function 6096A2BD: sqlite3_column_int.SQLITE3 ref: 6096A347
                                                                                          • Part of subcall function 6096A2BD: sqlite3_reset.SQLITE3 ref: 6096A354
                                                                                        • sqlite3_reset.SQLITE3(?,?), ref: 609693F3
                                                                                        • sqlite3_malloc.SQLITE3(?), ref: 60969561
                                                                                        • sqlite3_malloc.SQLITE3(?), ref: 6096958D
                                                                                        • sqlite3_step.SQLITE3(?), ref: 609695D2
                                                                                        • sqlite3_column_int64.SQLITE3(?), ref: 609695EA
                                                                                        • sqlite3_reset.SQLITE3(?), ref: 60969604
                                                                                        • sqlite3_realloc.SQLITE3(?), ref: 609697D0
                                                                                        • sqlite3_realloc.SQLITE3(?), ref: 609698A9
                                                                                          • Part of subcall function 609129D5: sqlite3_initialize.SQLITE3(?,?,?,60915F55,?,?,?,?,?,?,00000000,?,?,?,60915FE2,00000000), ref: 609129E0
                                                                                        • sqlite3_bind_int64.SQLITE3(?,?), ref: 609699B8
                                                                                        • sqlite3_bind_int64.SQLITE3(?), ref: 6096934D
                                                                                          • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                        • sqlite3_bind_int64.SQLITE3(?,?), ref: 60969A6A
                                                                                        • sqlite3_step.SQLITE3(?,?), ref: 60969A75
                                                                                        • sqlite3_reset.SQLITE3(?,?), ref: 60969A80
                                                                                        • sqlite3_free.SQLITE3(?), ref: 60969D41
                                                                                        • sqlite3_free.SQLITE3(?), ref: 60969D4C
                                                                                        • sqlite3_free.SQLITE3(?), ref: 60969D5B
                                                                                          • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                          • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                          • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_bind_int64$sqlite3_freesqlite3_resetsqlite3_step$sqlite3_column_int64sqlite3_mallocsqlite3_realloc$sqlite3_column_intsqlite3_initializesqlite3_mprintfsqlite3_mutex_leavesqlite3_prepare_v2
                                                                                        • String ID:
                                                                                        • API String ID: 961572588-0
                                                                                        • Opcode ID: c724daf3936d67fd3e7a59374d144345718a9f8d9c21f3c7abba70c9fa35c0f4
                                                                                        • Instruction ID: dba6eef834311e7f80380fc62c490a647dd1765b4da9a7e0a506f520bf28697a
                                                                                        • Opcode Fuzzy Hash: c724daf3936d67fd3e7a59374d144345718a9f8d9c21f3c7abba70c9fa35c0f4
                                                                                        • Instruction Fuzzy Hash: 9872F275A042298FDB24CF69C88078DB7F6FF98314F1586A9D889AB341D774AD81CF81
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_bind_int64sqlite3_mutex_leavesqlite3_stricmp
                                                                                        • String ID: 2$foreign key$indexed
                                                                                        • API String ID: 4126863092-702264400
                                                                                        • Opcode ID: efb0247afb620838301bdf32ec29a55ffab8ab84c5461d6934eb6e15b590f11f
                                                                                        • Instruction ID: 3d5d194cd292e354de8359ea213fef7e5121ae3f60f7d2d7ba557b44893e8b9c
                                                                                        • Opcode Fuzzy Hash: efb0247afb620838301bdf32ec29a55ffab8ab84c5461d6934eb6e15b590f11f
                                                                                        • Instruction Fuzzy Hash: 6BE1B374A142099FDB04CFA8D590A9DBBF2BFA9304F21C129E855AB754DB35ED82CF40
                                                                                        APIs
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 6094A72B
                                                                                        • sqlite3_step.SQLITE3 ref: 6094A73C
                                                                                        • sqlite3_column_blob.SQLITE3 ref: 6094A760
                                                                                        • sqlite3_column_bytes.SQLITE3 ref: 6094A77C
                                                                                        • sqlite3_malloc.SQLITE3 ref: 6094A793
                                                                                        • sqlite3_reset.SQLITE3 ref: 6094A7F2
                                                                                        • sqlite3_free.SQLITE3(?), ref: 6094A87C
                                                                                          • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_bind_int64sqlite3_column_blobsqlite3_column_bytessqlite3_freesqlite3_mallocsqlite3_mutex_entersqlite3_resetsqlite3_step
                                                                                        • String ID:
                                                                                        • API String ID: 2794791986-0
                                                                                        • Opcode ID: 324244e72ed1eb068e97444324dd06558e7f5640642cd65f7376e38a8826fd77
                                                                                        • Instruction ID: 088d5e00ded46b3eb5457b54e5d33bc48436a4b712d77f6ae5dc1ca3eb859b7b
                                                                                        • Opcode Fuzzy Hash: 324244e72ed1eb068e97444324dd06558e7f5640642cd65f7376e38a8826fd77
                                                                                        • Instruction Fuzzy Hash: BE5110B5A042058FCB04CF69C48069ABBF6FF68318F158569E858AB345D734EC82CF90
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_stricmp
                                                                                        • String ID: USING COVERING INDEX $DISTINCT$ORDER BY
                                                                                        • API String ID: 912767213-1308749736
                                                                                        • Opcode ID: 5e6ae8a77223c4cf3853263767bd84c2ef0a0cb2633a4755bdfaa367f33b2fd5
                                                                                        • Instruction ID: 4f43644a9add5c5df618cbd47cd61ce2203d262f2077f605e752fe25420d36ab
                                                                                        • Opcode Fuzzy Hash: 5e6ae8a77223c4cf3853263767bd84c2ef0a0cb2633a4755bdfaa367f33b2fd5
                                                                                        • Instruction Fuzzy Hash: 2412D674A08268CFDB25DF28C880B5AB7B3AFA9314F1085E9E8899B355D774DD81CF41
                                                                                        APIs
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 6094B488
                                                                                        • sqlite3_step.SQLITE3 ref: 6094B496
                                                                                        • sqlite3_reset.SQLITE3 ref: 6094B4A4
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 6094B4D2
                                                                                        • sqlite3_step.SQLITE3 ref: 6094B4E0
                                                                                        • sqlite3_reset.SQLITE3 ref: 6094B4EE
                                                                                          • Part of subcall function 6094B54C: memmove.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,6094B44B), ref: 6094B6B5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_bind_int64sqlite3_resetsqlite3_step$memmove
                                                                                        • String ID:
                                                                                        • API String ID: 4082478743-0
                                                                                        • Opcode ID: aa77e302053f557c70a8d8c80c1bb3ccc0b69d7e46be98bddd9db9cb48891f7f
                                                                                        • Instruction ID: 9e7f29540a3c6f2d28ce6b101cd1a975f5529a8f599b89b7128c34d749e8d9ce
                                                                                        • Opcode Fuzzy Hash: aa77e302053f557c70a8d8c80c1bb3ccc0b69d7e46be98bddd9db9cb48891f7f
                                                                                        • Instruction Fuzzy Hash: DD41D2B4A087018FCB50DF69C484A9EB7F6EFA8364F158929EC99CB315E734E8418F51
                                                                                        APIs
                                                                                        • sqlite3_mutex_enter.SQLITE3 ref: 6094D354
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 6094D546
                                                                                          • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905D8B
                                                                                          • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905DA4
                                                                                          • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905DB8
                                                                                        • sqlite3_stricmp.SQLITE3 ref: 6094D3DA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_stricmp$sqlite3_mutex_entersqlite3_mutex_leave
                                                                                        • String ID: BINARY$INTEGER
                                                                                        • API String ID: 317512412-1676293250
                                                                                        • Opcode ID: a7efc97792d1e6a4bc5cda92ab6d03f9066f32250883ff14ac0274f07e3e06bf
                                                                                        • Instruction ID: cace79839434994537c0410bddb438ad3d501bddbf1b20fcc6a8a8bdb5da7fdd
                                                                                        • Opcode Fuzzy Hash: a7efc97792d1e6a4bc5cda92ab6d03f9066f32250883ff14ac0274f07e3e06bf
                                                                                        • Instruction Fuzzy Hash: 8E712978A056099BDB05CF69C49079EBBF2BFA8308F11C529EC55AB3A4D734E941CF80
                                                                                        APIs
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 6094B582
                                                                                        • sqlite3_step.SQLITE3 ref: 6094B590
                                                                                        • sqlite3_column_int64.SQLITE3 ref: 6094B5AD
                                                                                        • sqlite3_reset.SQLITE3 ref: 6094B5EE
                                                                                        • memmove.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,6094B44B), ref: 6094B6B5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: memmovesqlite3_bind_int64sqlite3_column_int64sqlite3_resetsqlite3_step
                                                                                        • String ID:
                                                                                        • API String ID: 2802900177-0
                                                                                        • Opcode ID: f7dd783d858009ac2aa36dfb06bc3a4e86bc75c1920f7d1bf53ec4d0fe99899e
                                                                                        • Instruction ID: fa681a173a9aa7ad5377a8f3376375fc0286f70c891b696e42c92f52458a3a0e
                                                                                        • Opcode Fuzzy Hash: f7dd783d858009ac2aa36dfb06bc3a4e86bc75c1920f7d1bf53ec4d0fe99899e
                                                                                        • Instruction Fuzzy Hash: 0B517D75A082018FCB14CF69C48169EF7F7FBA8314F25C669D8499B318EA74EC81CB81
                                                                                        APIs
                                                                                        • sqlite3_mutex_enter.SQLITE3 ref: 6093F443
                                                                                          • Part of subcall function 60904396: sqlite3_mutex_try.SQLITE3(?,?,?,60908235), ref: 609043B8
                                                                                        • sqlite3_mutex_enter.SQLITE3 ref: 6093F45C
                                                                                          • Part of subcall function 60939559: memcmp.MSVCRT ref: 60939694
                                                                                          • Part of subcall function 60939559: memcmp.MSVCRT ref: 609396CA
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 6093F8CD
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 6093F8E3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: memcmpsqlite3_mutex_entersqlite3_mutex_leave$sqlite3_mutex_try
                                                                                        • String ID:
                                                                                        • API String ID: 4038589952-0
                                                                                        • Opcode ID: 29e5932b9866e1e5e2fcd92ac707fe98724786dada8c9b11deae4621e05e1fb7
                                                                                        • Instruction ID: 916146ddc5613ce70bfe97dc7fabc38680eb49f4f4fdba01105907ea2da9c682
                                                                                        • Opcode Fuzzy Hash: 29e5932b9866e1e5e2fcd92ac707fe98724786dada8c9b11deae4621e05e1fb7
                                                                                        • Instruction Fuzzy Hash: 87F13674A046158FDB18CFA9C590A9EB7F7AFA8308F248429E846AB355D774EC42CF40
                                                                                        APIs
                                                                                          • Part of subcall function 6094A894: sqlite3_bind_int64.SQLITE3 ref: 6094A8C0
                                                                                          • Part of subcall function 6094A894: sqlite3_step.SQLITE3 ref: 6094A8CE
                                                                                          • Part of subcall function 6094A894: sqlite3_column_int64.SQLITE3 ref: 6094A8E9
                                                                                          • Part of subcall function 6094A894: sqlite3_reset.SQLITE3 ref: 6094A90F
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 6094C719
                                                                                        • sqlite3_step.SQLITE3 ref: 6094C72A
                                                                                        • sqlite3_reset.SQLITE3 ref: 6094C73B
                                                                                          • Part of subcall function 6094B54C: memmove.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,6094B44B), ref: 6094B6B5
                                                                                          • Part of subcall function 6094A9F5: sqlite3_free.SQLITE3 ref: 6094AA7A
                                                                                        • sqlite3_free.SQLITE3 ref: 6094C881
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_bind_int64sqlite3_freesqlite3_resetsqlite3_step$memmovesqlite3_column_int64
                                                                                        • String ID:
                                                                                        • API String ID: 3487101843-0
                                                                                        • Opcode ID: 5f7c6ccdcb237f7a487fb09799aacf08d073da1bf61c53431d7ccff799043987
                                                                                        • Instruction ID: dadb85a3919e548a164012fc2e04d9b0ab11445217433cc10b515e99a95ed5c3
                                                                                        • Opcode Fuzzy Hash: 5f7c6ccdcb237f7a487fb09799aacf08d073da1bf61c53431d7ccff799043987
                                                                                        • Instruction Fuzzy Hash: 3681FA74A046098FCB44DF99C480A9DF7F7AFA8354F258529E855AB314EB34EC46CF90
                                                                                        APIs
                                                                                          • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                          • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                          • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                        • sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                                          • Part of subcall function 609256E5: sqlite3_bind_int64.SQLITE3 ref: 60925704
                                                                                        • sqlite3_column_int.SQLITE3 ref: 6096A3F3
                                                                                        • sqlite3_step.SQLITE3 ref: 6096A435
                                                                                        • sqlite3_reset.SQLITE3 ref: 6096A445
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_bind_intsqlite3_bind_int64sqlite3_column_intsqlite3_freesqlite3_mprintfsqlite3_prepare_v2sqlite3_resetsqlite3_step
                                                                                        • String ID:
                                                                                        • API String ID: 247099642-0
                                                                                        • Opcode ID: 64427881e425bd4a7d2fa305579facb0dd1ab8a71ce9f1271cd8f49c57a97bec
                                                                                        • Instruction ID: 69535c0605dcb565d56369453fd68d3a3097adfd173720c6e67b3d4aca8354ad
                                                                                        • Opcode Fuzzy Hash: 64427881e425bd4a7d2fa305579facb0dd1ab8a71ce9f1271cd8f49c57a97bec
                                                                                        • Instruction Fuzzy Hash: FF2151B0A143148BEB109FA9D88479EB7FAEF64308F00852DE89597350EBB8D845CF51
                                                                                        APIs
                                                                                          • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                          • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                          • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 6096A322
                                                                                          • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                        • sqlite3_step.SQLITE3 ref: 6096A32D
                                                                                        • sqlite3_column_int.SQLITE3 ref: 6096A347
                                                                                          • Part of subcall function 6091D4F4: sqlite3_value_int.SQLITE3 ref: 6091D50C
                                                                                        • sqlite3_reset.SQLITE3 ref: 6096A354
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_bind_int64sqlite3_column_intsqlite3_freesqlite3_mprintfsqlite3_mutex_leavesqlite3_prepare_v2sqlite3_resetsqlite3_stepsqlite3_value_int
                                                                                        • String ID:
                                                                                        • API String ID: 326482775-0
                                                                                        • Opcode ID: de94f0bba3b8b54078f1ceecce583a965f8e010bb36370f6070bcd8bc28ee8b0
                                                                                        • Instruction ID: 7c1586c82cd56d85cf32929a5cd575737867df940847ca2bf63216634e784e33
                                                                                        • Opcode Fuzzy Hash: de94f0bba3b8b54078f1ceecce583a965f8e010bb36370f6070bcd8bc28ee8b0
                                                                                        • Instruction Fuzzy Hash: 0E214DB0A043049BDB04DFA9C480B9EF7FAEFA8354F04C429E8959B340E778D8418B51
                                                                                        APIs
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 6094B71E
                                                                                          • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 6094B73C
                                                                                        • sqlite3_step.SQLITE3 ref: 6094B74A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_bind_int64$sqlite3_mutex_leavesqlite3_step
                                                                                        • String ID:
                                                                                        • API String ID: 3305529457-0
                                                                                        • Opcode ID: dc92f9052f14c19b23696c87723feab2593fd922d888b89f432a916288e70c30
                                                                                        • Instruction ID: cea3564161c85327b61b62d60446574847d05a2bcfebeda4641ea5396b37aa5a
                                                                                        • Opcode Fuzzy Hash: dc92f9052f14c19b23696c87723feab2593fd922d888b89f432a916288e70c30
                                                                                        • Instruction Fuzzy Hash: D401A8B45047049FCB00DF19D9C968ABBE5FF98354F158869FC888B305D374E8548BA6
                                                                                        APIs
                                                                                        • sqlite3_mutex_enter.SQLITE3 ref: 6090C1EA
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 6090C22F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                        • String ID:
                                                                                        • API String ID: 1477753154-0
                                                                                        • Opcode ID: 8c595cf50166d2d57a1b46d7a61a8743a20f226779b5cb212a2500e19f50b056
                                                                                        • Instruction ID: fc120f7ed3300d8301d0f99cb769197b575d5683181bd6b289e4b53452841bc5
                                                                                        • Opcode Fuzzy Hash: 8c595cf50166d2d57a1b46d7a61a8743a20f226779b5cb212a2500e19f50b056
                                                                                        • Instruction Fuzzy Hash: 6501F4715042548BDB449F2EC4C576EBBEAEF65318F048469DD419B326D374D882CBA1
                                                                                        APIs
                                                                                          • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 609255B2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                        • String ID:
                                                                                        • API String ID: 1465156292-0
                                                                                        • Opcode ID: 61f2b65abbb078f396bfa931b2809e4962fa985140118a0fa907d432528e7d54
                                                                                        • Instruction ID: 19c4c58ecb434a21204d9b38047e93a23a7f28015e8477a734fda6841bb58fe8
                                                                                        • Opcode Fuzzy Hash: 61f2b65abbb078f396bfa931b2809e4962fa985140118a0fa907d432528e7d54
                                                                                        • Instruction Fuzzy Hash: 56317AB4A082188FCB04DF69D880A8EBBF6FF99314F008559FC5897348D734D940CBA5
                                                                                        APIs
                                                                                          • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 60925508
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                        • String ID:
                                                                                        • API String ID: 1465156292-0
                                                                                        • Opcode ID: 7f15987c0945e0fd4273a36fcce91cc0d916abb620506d2e7fdad6d0c82ef640
                                                                                        • Instruction ID: ad89f0bb34aa7175efe61e1ac22fb0c12735e6005c3b9edbf096fd229bca234b
                                                                                        • Opcode Fuzzy Hash: 7f15987c0945e0fd4273a36fcce91cc0d916abb620506d2e7fdad6d0c82ef640
                                                                                        • Instruction Fuzzy Hash: 5A01A475B107148BCB109F2ACC8164BBBFAEF68254F05991AEC41DB315D775ED458BC0
                                                                                        APIs
                                                                                          • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                        • String ID:
                                                                                        • API String ID: 1465156292-0
                                                                                        • Opcode ID: ebbe32869a67294cb2d54c108597a832b3743d43329dcf341f64f2493053d601
                                                                                        • Instruction ID: 4fd0dfe8dd6226820e052206e0db6187a6d8a97f2116fb4a305c2fd2856f8961
                                                                                        • Opcode Fuzzy Hash: ebbe32869a67294cb2d54c108597a832b3743d43329dcf341f64f2493053d601
                                                                                        • Instruction Fuzzy Hash: 94F08CB5A002099BCB00DF2AD88088ABBBAFF98264B05952AEC049B314D770E941CBD0
                                                                                        APIs
                                                                                          • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 60925678
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                        • String ID:
                                                                                        • API String ID: 1465156292-0
                                                                                        • Opcode ID: 20ce1548f611e36a3668a48b9975394e1a388ab84833d9cb320a678b216caf11
                                                                                        • Instruction ID: bc2fa39936d9f4ed0ba1ebf98b65e017ff83ed2bbf5e058a49948814e7f33c49
                                                                                        • Opcode Fuzzy Hash: 20ce1548f611e36a3668a48b9975394e1a388ab84833d9cb320a678b216caf11
                                                                                        • Instruction Fuzzy Hash: 59E0EC74A042089BCB04DF6AD4C194AB7F9EF58258B14D665EC458B309E231E9858BC1
                                                                                        APIs
                                                                                        • sqlite3_bind_int64.SQLITE3 ref: 60925704
                                                                                          • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_bind_int64sqlite3_mutex_leave
                                                                                        • String ID:
                                                                                        • API String ID: 3064317574-0
                                                                                        • Opcode ID: 8bfbb127be37b3944cf6aee767a60d103abce584902525ba566a621f413e0d82
                                                                                        • Instruction ID: 7a9bf9350bb0d435b7485bd9c083abc2dab3a9c90cc7cce47300d03dda88f0d0
                                                                                        • Opcode Fuzzy Hash: 8bfbb127be37b3944cf6aee767a60d103abce584902525ba566a621f413e0d82
                                                                                        • Instruction Fuzzy Hash: FFD092B4909309AFCB00EF29C48644EBBE5AF98258F40C82DFC98C7314E274E8408F92
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5c5aa561fe8b7943dde2a358ba30c2c8876ef78bddd50c77f68009583e67d90a
                                                                                        • Instruction ID: 29002ccca7877ead4b7e7e784383ace88c03f26ddf616943a2b43c0eb71ea2e3
                                                                                        • Opcode Fuzzy Hash: 5c5aa561fe8b7943dde2a358ba30c2c8876ef78bddd50c77f68009583e67d90a
                                                                                        • Instruction Fuzzy Hash: 36E0E2B850430DABDF00CF09D8C188A7BAAFB08364F10C119FC190B305C371E9548BA1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c82c79c3d673ce5d83164ffe7b594e49b00bd73c00824d0aa5044480003c1f0d
                                                                                        • Instruction ID: a276b763828cd9d21177d39229c24ef0f5c00ef14d0f26540801fec71d9d5410
                                                                                        • Opcode Fuzzy Hash: c82c79c3d673ce5d83164ffe7b594e49b00bd73c00824d0aa5044480003c1f0d
                                                                                        • Instruction Fuzzy Hash: 29E0E2B850430DABDF00CF09D8C198A7BAAFB08264F10C119FC190B304C331E9148BE1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d3c407e99ff1326d716251d27052f3514f6d3ace0f30ccd24b81610f61b1d9b8
                                                                                        • Instruction ID: aa639d4c52eda77921d109c173628d401b16d57fa3137d2b917a91732d8775c8
                                                                                        • Opcode Fuzzy Hash: d3c407e99ff1326d716251d27052f3514f6d3ace0f30ccd24b81610f61b1d9b8
                                                                                        • Instruction Fuzzy Hash: D7C01265704208574B00E92DE8C154577AA9718164B108039E80B87301D975ED084291
                                                                                        APIs
                                                                                        • sqlite3_initialize.SQLITE3 ref: 6096C5BE
                                                                                          • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                                        • sqlite3_log.SQLITE3 ref: 6096C5FC
                                                                                        • sqlite3_free.SQLITE3 ref: 6096C67E
                                                                                        • sqlite3_free.SQLITE3 ref: 6096CD71
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 6096CD80
                                                                                        • sqlite3_errcode.SQLITE3 ref: 6096CD88
                                                                                        • sqlite3_close.SQLITE3 ref: 6096CD97
                                                                                        • sqlite3_create_function.SQLITE3 ref: 6096CDF8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$sqlite3_closesqlite3_create_functionsqlite3_errcodesqlite3_initializesqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                                                                        • String ID: BINARY$NOCASE$RTRIM$porter$rtree$rtree_i32$simple
                                                                                        • API String ID: 1320758876-2501389569
                                                                                        • Opcode ID: 6bfcb0ec024900a9d9b4e92c8a495cd7f0e11888819caa106d9e2d842adf35f2
                                                                                        • Instruction ID: 66f98c4e8467cc0752991b2fada45a5d6d89a43a55ba94f1559c09c68fc79e30
                                                                                        • Opcode Fuzzy Hash: 6bfcb0ec024900a9d9b4e92c8a495cd7f0e11888819caa106d9e2d842adf35f2
                                                                                        • Instruction Fuzzy Hash: 7A024BB05183019BEB119F64C49536ABFF6BFA1348F11882DE8959F386D7B9C845CF82
                                                                                        APIs
                                                                                        • sqlite3_free.SQLITE3 ref: 609264C9
                                                                                        • sqlite3_free.SQLITE3 ref: 60926526
                                                                                        • sqlite3_free.SQLITE3 ref: 6092652E
                                                                                        • sqlite3_free.SQLITE3 ref: 60926550
                                                                                          • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                          • Part of subcall function 6090AFF5: sqlite3_free.SQLITE3 ref: 6090B09A
                                                                                        • sqlite3_free.SQLITE3 ref: 60926626
                                                                                        • sqlite3_win32_mbcs_to_utf8.SQLITE3 ref: 6092662E
                                                                                        • sqlite3_free.SQLITE3 ref: 60926638
                                                                                        • sqlite3_snprintf.SQLITE3 ref: 6092666B
                                                                                        • sqlite3_free.SQLITE3 ref: 60926673
                                                                                        • sqlite3_snprintf.SQLITE3 ref: 609266B8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_mutex_entersqlite3_win32_mbcs_to_utf8
                                                                                        • String ID: \$winFullPathname1$winFullPathname2$winFullPathname3$winFullPathname4
                                                                                        • API String ID: 937752868-2111127023
                                                                                        • Opcode ID: 76700054f020c8d7fe753577c30eef17e659d67ca67044e42639e839992701d7
                                                                                        • Instruction ID: 28f04709130b2e8b140c84fcd32bad5e17fba194e1ccee1aab8ced89c5ccf9cf
                                                                                        • Opcode Fuzzy Hash: 76700054f020c8d7fe753577c30eef17e659d67ca67044e42639e839992701d7
                                                                                        • Instruction Fuzzy Hash: EA712E706183058FE700AF69D88465DBFF6AFA5748F00C82DE8999B314E778C845DF92
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: memcmp$sqlite3_mprintf$sqlite3_malloc$sqlite3_freesqlite3_vfs_find
                                                                                        • String ID: @$access$cache
                                                                                        • API String ID: 4158134138-1361544076
                                                                                        • Opcode ID: 19065094f7a61ae5fa0f118773a69bd69932ab9bc71fb499c0e2e31449818374
                                                                                        • Instruction ID: 35071b2ec389daa84eb338d99e29a1052eb2425681bc363379ff67fe3f9a0dd7
                                                                                        • Opcode Fuzzy Hash: 19065094f7a61ae5fa0f118773a69bd69932ab9bc71fb499c0e2e31449818374
                                                                                        • Instruction Fuzzy Hash: 27D19E75D183458BDB11CF69E58039EBBF7AFAA304F20846ED4949B349D339D882CB52
                                                                                        APIs
                                                                                        Strings
                                                                                        • ATTACH '' AS vacuum_db;, xrefs: 60948529
                                                                                        • SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0, xrefs: 609486C8
                                                                                        • ATTACH ':memory:' AS vacuum_db;, xrefs: 60948534
                                                                                        • SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';, xrefs: 60948768
                                                                                        • INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0), xrefs: 60948788
                                                                                        • PRAGMA vacuum_db.synchronous=OFF, xrefs: 609485BB
                                                                                        • SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0, xrefs: 60948728
                                                                                        • SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %', xrefs: 60948708
                                                                                        • BEGIN;, xrefs: 609485DB
                                                                                        • SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' , xrefs: 60948748
                                                                                        • SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' , xrefs: 609486E8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log
                                                                                        • String ID: ATTACH '' AS vacuum_db;$ATTACH ':memory:' AS vacuum_db;$BEGIN;$INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)$PRAGMA vacuum_db.synchronous=OFF$SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' $SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0$SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'$SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' $SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';$SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                                                                                        • API String ID: 632333372-52344843
                                                                                        • Opcode ID: d52540ff3cd5a889f8fcb2175177c5c293f6bf3e96b3409faf11301466b535e5
                                                                                        • Instruction ID: 17dae18cb22bd420f764556e48f7e631e7f528851c991f2db59136dec61311d4
                                                                                        • Opcode Fuzzy Hash: d52540ff3cd5a889f8fcb2175177c5c293f6bf3e96b3409faf11301466b535e5
                                                                                        • Instruction Fuzzy Hash: 1202F6B0A046299BDB2ACF18C88179EB7FABF65304F1081D9E858AB355D771DE81CF41
                                                                                        APIs
                                                                                          • Part of subcall function 609296D1: sqlite3_value_bytes.SQLITE3 ref: 609296F3
                                                                                          • Part of subcall function 609296D1: sqlite3_mprintf.SQLITE3 ref: 60929708
                                                                                          • Part of subcall function 609296D1: sqlite3_free.SQLITE3 ref: 6092971B
                                                                                          • Part of subcall function 6095FFB2: sqlite3_bind_int64.SQLITE3 ref: 6095FFFA
                                                                                          • Part of subcall function 6095FFB2: sqlite3_step.SQLITE3 ref: 60960009
                                                                                          • Part of subcall function 6095FFB2: sqlite3_reset.SQLITE3 ref: 60960019
                                                                                          • Part of subcall function 6095FFB2: sqlite3_result_error_code.SQLITE3 ref: 60960043
                                                                                        • sqlite3_malloc.SQLITE3 ref: 60960384
                                                                                        • sqlite3_free.SQLITE3 ref: 609605EA
                                                                                        • sqlite3_result_error_code.SQLITE3 ref: 6096060D
                                                                                        • sqlite3_free.SQLITE3 ref: 60960618
                                                                                        • sqlite3_result_text.SQLITE3 ref: 6096063C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$sqlite3_result_error_code$sqlite3_bind_int64sqlite3_mallocsqlite3_mprintfsqlite3_resetsqlite3_result_textsqlite3_stepsqlite3_value_bytes
                                                                                        • String ID: offsets
                                                                                        • API String ID: 463808202-2642679573
                                                                                        • Opcode ID: 496dcd0dbd0e24e84f3ae9a4f9495b5d667a7098f4014ef95464c797b1727b83
                                                                                        • Instruction ID: 1101d6838161b799219a4b3d5732631e197d31251dd2d8b91c34f261bd2faa79
                                                                                        • Opcode Fuzzy Hash: 496dcd0dbd0e24e84f3ae9a4f9495b5d667a7098f4014ef95464c797b1727b83
                                                                                        • Instruction Fuzzy Hash: 72C1D374A183198FDB14CF59C580B8EBBF2BFA8314F2085A9E849AB354D734D985CF52
                                                                                        APIs
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A3C1
                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A3D6
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A3E4
                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A416
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A424
                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A43A
                                                                                        • sqlite3_result_text.SQLITE3 ref: 6091A5A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_result_text
                                                                                        • String ID:
                                                                                        • API String ID: 2903785150-0
                                                                                        • Opcode ID: 408a6008a3f19a662094ad197d730d6af4ceeedc2d56196c0f88669f9a2ea12f
                                                                                        • Instruction ID: 050d84d3da0bd462ad4a4a15df4a38950001fc66f1de33c81d7c2c3a6f7146e7
                                                                                        • Opcode Fuzzy Hash: 408a6008a3f19a662094ad197d730d6af4ceeedc2d56196c0f88669f9a2ea12f
                                                                                        • Instruction Fuzzy Hash: 8971D074E086599FCF00DFA8C88069DBBF2BF59314F1485AAE855AB304E734EC85CB91
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_freesqlite3_malloc
                                                                                        • String ID:
                                                                                        • API String ID: 423083942-0
                                                                                        • Opcode ID: 039a1925b88827ab71129b12bf0a0cfd7bb9a75e2f5fb5313a60c0869b9e4a18
                                                                                        • Instruction ID: dba10035f3c017a022ff92dc0406edc4c972eb6647695f7afdbed5011b3e14eb
                                                                                        • Opcode Fuzzy Hash: 039a1925b88827ab71129b12bf0a0cfd7bb9a75e2f5fb5313a60c0869b9e4a18
                                                                                        • Instruction Fuzzy Hash: 9112E3B4A15218CFCB18CF98D480A9EBBF6BF98304F24855AD855AB319D774EC42CF90
                                                                                        APIs
                                                                                        • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                                        • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091264D
                                                                                        • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912662
                                                                                        • sqlite3_malloc.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091273E
                                                                                        • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912753
                                                                                        • sqlite3_os_init.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912758
                                                                                        • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912803
                                                                                        • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091280E
                                                                                        • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091282A
                                                                                        • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091283F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_freesqlite3_mallocsqlite3_mutex_freesqlite3_os_init
                                                                                        • String ID:
                                                                                        • API String ID: 3556715608-0
                                                                                        • Opcode ID: 7a5b012c4fe40a1866ea25e0c9ef8651b072e840c3be51a8f23ca71a75eb633f
                                                                                        • Instruction ID: 37d7613b282c24208f37f95ee69ae3eaf9c0527d79975c213f2f38643f7f707f
                                                                                        • Opcode Fuzzy Hash: 7a5b012c4fe40a1866ea25e0c9ef8651b072e840c3be51a8f23ca71a75eb633f
                                                                                        • Instruction Fuzzy Hash: FEA14A71A2C215CBEB009F69CC843257FE7B7A7318F10816DD415AB2A0E7B9DC95EB11
                                                                                        APIs
                                                                                        • sqlite3_malloc.SQLITE3 ref: 6095F645
                                                                                        • sqlite3_exec.SQLITE3 ref: 6095F686
                                                                                          • Part of subcall function 6094CBB8: sqlite3_log.SQLITE3 ref: 6094CBF8
                                                                                        • sqlite3_free_table.SQLITE3 ref: 6095F6A0
                                                                                        • sqlite3_mprintf.SQLITE3 ref: 6095F6C7
                                                                                          • Part of subcall function 609296AA: sqlite3_initialize.SQLITE3 ref: 609296B0
                                                                                          • Part of subcall function 609296AA: sqlite3_vmprintf.SQLITE3 ref: 609296CA
                                                                                        • sqlite3_free.SQLITE3 ref: 6095F6B4
                                                                                          • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                        • sqlite3_free.SQLITE3 ref: 6095F6D4
                                                                                        • sqlite3_free.SQLITE3 ref: 6095F6ED
                                                                                        • sqlite3_free_table.SQLITE3 ref: 6095F6FF
                                                                                        • sqlite3_realloc.SQLITE3 ref: 6095F71B
                                                                                        • sqlite3_free_table.SQLITE3 ref: 6095F72D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_freesqlite3_free_table$sqlite3_execsqlite3_initializesqlite3_logsqlite3_mallocsqlite3_mprintfsqlite3_mutex_entersqlite3_reallocsqlite3_vmprintf
                                                                                        • String ID:
                                                                                        • API String ID: 1866449048-0
                                                                                        • Opcode ID: 2addae8d4502475aa330d0fbe12d9077f3fed0f055932ab6dac269a256a03500
                                                                                        • Instruction ID: 9ac78cbffd0e0cf27e5d0fdbf17c3a3d034f00011a14f89e76d08e502163788c
                                                                                        • Opcode Fuzzy Hash: 2addae8d4502475aa330d0fbe12d9077f3fed0f055932ab6dac269a256a03500
                                                                                        • Instruction Fuzzy Hash: 8751F1B49467099FDB01DF69D59178EBBF6FF68318F104429E884AB300D379D894CB91
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $ AND $%s USING %sINDEX %s%s$%s USING AUTOMATIC %sINDEX%.0s%s$)><$0$ANY($COVERING $SCAN$SEARCH$rowid
                                                                                        • API String ID: 0-780898
                                                                                        • Opcode ID: d1d17e5dd7c74eae3224551f6f3ab351f201226dcaab78a09df61ec6b72ac00d
                                                                                        • Instruction ID: 1b008e11d07f16b9462ef115b46fd1892196ed4c5360d6a6f9a636b6bab85f9b
                                                                                        • Opcode Fuzzy Hash: d1d17e5dd7c74eae3224551f6f3ab351f201226dcaab78a09df61ec6b72ac00d
                                                                                        • Instruction Fuzzy Hash: 46D109B0A087099FD714CF99C19079DBBF2BFA8308F10886AE495AB355D774D982CF81
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: aolf$aolf$bolb$bolc$buod$buod$laer$laer$rahc$tni$txet
                                                                                        • API String ID: 0-2604012851
                                                                                        • Opcode ID: b472df4709d2161ac4da3e6dd873a69b8789eadb7617e1432b7f17fad04b9ea6
                                                                                        • Instruction ID: a78f5df49eecf700eafad7d6eadd6707640e608d2d263d021760269e78388884
                                                                                        • Opcode Fuzzy Hash: b472df4709d2161ac4da3e6dd873a69b8789eadb7617e1432b7f17fad04b9ea6
                                                                                        • Instruction Fuzzy Hash: 2D31B171A891458ADB21891C85503EE7FBB9BE3344F28902EC8B2DB246C735CCD0C3A2
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: memcmp$sqlite3_logsqlite3_mutex_try
                                                                                        • String ID: 0$SQLite format 3
                                                                                        • API String ID: 3174206576-3388949527
                                                                                        • Opcode ID: e2a376b1a29b79c4f9f51ec04e7584e9c4e5062bfe0a82991cc629df80cc0a0f
                                                                                        • Instruction ID: d3cc03899c2fb96d27ccc41cf7ad58ff30b38a29db2c3208110d6cb2c70dce50
                                                                                        • Opcode Fuzzy Hash: e2a376b1a29b79c4f9f51ec04e7584e9c4e5062bfe0a82991cc629df80cc0a0f
                                                                                        • Instruction Fuzzy Hash: A3028BB0A082659BDB09CF68D48178ABBF7FFA5308F148269E8459B345DB74DC85CF81
                                                                                        APIs
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6095F030
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6095F03E
                                                                                        • sqlite3_stricmp.SQLITE3 ref: 6095F0B3
                                                                                        • sqlite3_free.SQLITE3 ref: 6095F180
                                                                                          • Part of subcall function 6092E279: strcmp.MSVCRT ref: 6092E2AE
                                                                                          • Part of subcall function 6092E279: sqlite3_free.SQLITE3 ref: 6092E3A8
                                                                                        • sqlite3_free.SQLITE3 ref: 6095F1BD
                                                                                          • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                        • sqlite3_result_error_code.SQLITE3 ref: 6095F34E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$sqlite3_value_text$sqlite3_mutex_entersqlite3_result_error_codesqlite3_stricmpstrcmp
                                                                                        • String ID: |
                                                                                        • API String ID: 1576672187-2343686810
                                                                                        • Opcode ID: 45796efa6547682f16092b9fa288c01422e20de86ab54653b6df12e990b05c38
                                                                                        • Instruction ID: c4017fd8acd983bc841f22cdb0f4132ffe50c361176833da1127552c957ad2bb
                                                                                        • Opcode Fuzzy Hash: 45796efa6547682f16092b9fa288c01422e20de86ab54653b6df12e990b05c38
                                                                                        • Instruction Fuzzy Hash: B2B189B4A08308CBDB01CF69C491B9EBBF2BF68358F148968E854AB355D734EC55CB81
                                                                                        APIs
                                                                                        • sqlite3_file_control.SQLITE3 ref: 609537BD
                                                                                        • sqlite3_free.SQLITE3 ref: 60953842
                                                                                        • sqlite3_free.SQLITE3 ref: 6095387C
                                                                                          • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                        • sqlite3_stricmp.SQLITE3 ref: 609538D4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$sqlite3_file_controlsqlite3_mutex_entersqlite3_stricmp
                                                                                        • String ID: 6$timeout
                                                                                        • API String ID: 2671017102-3660802998
                                                                                        • Opcode ID: 8cffcba2199636318c40f61931f0f453c1b4c4e8a0677f5b7de6569c291e0b77
                                                                                        • Instruction ID: da3e9078838fdf1f068eeacc94130b5fe058058c2a53432068b0843c8cdd1fdd
                                                                                        • Opcode Fuzzy Hash: 8cffcba2199636318c40f61931f0f453c1b4c4e8a0677f5b7de6569c291e0b77
                                                                                        • Instruction Fuzzy Hash: 6CA11270A083198BDB15CF6AC88079EBBF6BFA9304F10846DE8589B354D774D885CF41
                                                                                        APIs
                                                                                        • sqlite3_snprintf.SQLITE3 ref: 6095D450
                                                                                          • Part of subcall function 60917354: sqlite3_vsnprintf.SQLITE3 ref: 60917375
                                                                                        • sqlite3_snprintf.SQLITE3 ref: 6095D4A1
                                                                                        • sqlite3_snprintf.SQLITE3 ref: 6095D525
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_snprintf$sqlite3_vsnprintf
                                                                                        • String ID: $)><$sqlite_master$sqlite_temp_master
                                                                                        • API String ID: 652164897-1572359634
                                                                                        • Opcode ID: 7664a015b2dc01db37cf12657f922778db359f6c70a1ba93bfebbfbe3581116b
                                                                                        • Instruction ID: a98725bc65f6cff0ffebef66634980575a39ba2d787d432de3c608a01e11e389
                                                                                        • Opcode Fuzzy Hash: 7664a015b2dc01db37cf12657f922778db359f6c70a1ba93bfebbfbe3581116b
                                                                                        • Instruction Fuzzy Hash: 5991F275E05219CFCB15CF98C48169DBBF2BFA9308F14845AE859AB314DB34ED46CB81
                                                                                        APIs
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091B06E
                                                                                        • sqlite3_result_error_toobig.SQLITE3 ref: 6091B178
                                                                                        • sqlite3_result_error_nomem.SQLITE3 ref: 6091B197
                                                                                        • sqlite3_result_text.SQLITE3 ref: 6091B5A3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_textsqlite3_value_text
                                                                                        • String ID:
                                                                                        • API String ID: 2352520524-0
                                                                                        • Opcode ID: bf61c68f4ce88464188c3b4ec21cbec410585f797eaf5b0aff599f1fc01aebfc
                                                                                        • Instruction ID: 99f21b63ad5c9672efebb0dd762c853f70c7e366ddc85f9db9da2d733c13ec0c
                                                                                        • Opcode Fuzzy Hash: bf61c68f4ce88464188c3b4ec21cbec410585f797eaf5b0aff599f1fc01aebfc
                                                                                        • Instruction Fuzzy Hash: F9E16B71E4C2199BDB208F18C89039EBBF7AB65314F1584DAE8A857351D738DCC19F82
                                                                                        APIs
                                                                                          • Part of subcall function 609296D1: sqlite3_value_bytes.SQLITE3 ref: 609296F3
                                                                                          • Part of subcall function 609296D1: sqlite3_mprintf.SQLITE3 ref: 60929708
                                                                                          • Part of subcall function 609296D1: sqlite3_free.SQLITE3 ref: 6092971B
                                                                                        • sqlite3_exec.SQLITE3 ref: 6096A4D7
                                                                                          • Part of subcall function 6094CBB8: sqlite3_log.SQLITE3 ref: 6094CBF8
                                                                                        • sqlite3_result_text.SQLITE3 ref: 6096A5D3
                                                                                          • Part of subcall function 6096A38C: sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                                          • Part of subcall function 6096A38C: sqlite3_step.SQLITE3 ref: 6096A435
                                                                                          • Part of subcall function 6096A38C: sqlite3_reset.SQLITE3 ref: 6096A445
                                                                                        • sqlite3_exec.SQLITE3 ref: 6096A523
                                                                                        • sqlite3_exec.SQLITE3 ref: 6096A554
                                                                                        • sqlite3_exec.SQLITE3 ref: 6096A57F
                                                                                        • sqlite3_result_error_code.SQLITE3 ref: 6096A5E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_exec$sqlite3_bind_intsqlite3_freesqlite3_logsqlite3_mprintfsqlite3_resetsqlite3_result_error_codesqlite3_result_textsqlite3_stepsqlite3_value_bytes
                                                                                        • String ID: optimize
                                                                                        • API String ID: 3659050757-3797040228
                                                                                        • Opcode ID: c770602c58b8b739d860714e2a7cbb539b0686760bc80d510edb2603001de118
                                                                                        • Instruction ID: 653702cfcd2f061f0588c77de086fc27204f9fc351fc8b4992cba684a546c14d
                                                                                        • Opcode Fuzzy Hash: c770602c58b8b739d860714e2a7cbb539b0686760bc80d510edb2603001de118
                                                                                        • Instruction Fuzzy Hash: E831C3B11187119FE310DF24C49570FBBE6ABA1368F10C91DF9968B350E7B9D8459F82
                                                                                        APIs
                                                                                        • sqlite3_column_blob.SQLITE3 ref: 609654FB
                                                                                        • sqlite3_column_bytes.SQLITE3 ref: 60965510
                                                                                        • sqlite3_reset.SQLITE3 ref: 60965556
                                                                                        • sqlite3_reset.SQLITE3 ref: 609655B8
                                                                                          • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
                                                                                          • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
                                                                                        • sqlite3_malloc.SQLITE3 ref: 60965655
                                                                                        • sqlite3_free.SQLITE3 ref: 60965714
                                                                                        • sqlite3_free.SQLITE3 ref: 6096574B
                                                                                          • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                        • sqlite3_free.SQLITE3 ref: 609657AA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_reset$sqlite3_column_blobsqlite3_column_bytessqlite3_mallocsqlite3_mutex_leave
                                                                                        • String ID:
                                                                                        • API String ID: 2722129401-0
                                                                                        • Opcode ID: 718344d9776843f9d3d0f11354c3fb96bdbf3732bae6ebd8df48c35682458f02
                                                                                        • Instruction ID: e3a8cc565ee031670952cbbbf81914cbe75110044a29491daaf6513bdc913a85
                                                                                        • Opcode Fuzzy Hash: 718344d9776843f9d3d0f11354c3fb96bdbf3732bae6ebd8df48c35682458f02
                                                                                        • Instruction Fuzzy Hash: BBD1D270E14219CFEB14CFA9C48469DBBF2BF68304F20856AD899AB346D774E845CF81
                                                                                        APIs
                                                                                        • sqlite3_malloc.SQLITE3 ref: 609645D9
                                                                                          • Part of subcall function 60928099: sqlite3_malloc.SQLITE3 ref: 609280ED
                                                                                        • sqlite3_free.SQLITE3 ref: 609647C5
                                                                                          • Part of subcall function 60963D35: memcmp.MSVCRT ref: 60963E74
                                                                                        • sqlite3_free.SQLITE3 ref: 6096476B
                                                                                          • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                        • sqlite3_free.SQLITE3 ref: 6096477B
                                                                                        • sqlite3_free.SQLITE3 ref: 60964783
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$sqlite3_malloc$memcmpsqlite3_mutex_enter
                                                                                        • String ID:
                                                                                        • API String ID: 571598680-0
                                                                                        • Opcode ID: d604abe0313f10411a0f234c71df8e29ee85eaf68e2bcebad1bf05c151ae1b53
                                                                                        • Instruction ID: 53ad94a03898eae12f4127695087571842428d6fdffc19c65fee49adcf86f1ae
                                                                                        • Opcode Fuzzy Hash: d604abe0313f10411a0f234c71df8e29ee85eaf68e2bcebad1bf05c151ae1b53
                                                                                        • Instruction Fuzzy Hash: 5E91F674E14228CFEB14CFA9D890B9EBBB6BB99304F1085AAD849A7344D734DD81CF51
                                                                                        APIs
                                                                                        • sqlite3_blob_reopen.SQLITE3 ref: 60963510
                                                                                          • Part of subcall function 60962F28: sqlite3_log.SQLITE3 ref: 60962F5D
                                                                                        • sqlite3_mprintf.SQLITE3 ref: 60963534
                                                                                        • sqlite3_blob_open.SQLITE3 ref: 6096358B
                                                                                        • sqlite3_blob_bytes.SQLITE3 ref: 609635A3
                                                                                        • sqlite3_malloc.SQLITE3 ref: 609635BB
                                                                                        • sqlite3_blob_read.SQLITE3 ref: 60963602
                                                                                        • sqlite3_free.SQLITE3 ref: 60963621
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_blob_bytessqlite3_blob_opensqlite3_blob_readsqlite3_blob_reopensqlite3_freesqlite3_logsqlite3_mallocsqlite3_mprintf
                                                                                        • String ID:
                                                                                        • API String ID: 4276469440-0
                                                                                        • Opcode ID: 81f80890dbec9a3991ff68d8cfcbb164f6b4d7f09a97d6cb6c54cb11191f3d09
                                                                                        • Instruction ID: 177081cd506585250240414a33056f89eeda992db91a315aff795e5fc91eaf1e
                                                                                        • Opcode Fuzzy Hash: 81f80890dbec9a3991ff68d8cfcbb164f6b4d7f09a97d6cb6c54cb11191f3d09
                                                                                        • Instruction Fuzzy Hash: C641E5B09087059FDB40DF29C48179EBBE6AF98354F01C87AE898DB354E734D841DB92
                                                                                        APIs
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A240
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A24E
                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A25A
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A27C
                                                                                        Strings
                                                                                        • ESCAPE expression must be a single character, xrefs: 6091A293
                                                                                        • LIKE or GLOB pattern too complex, xrefs: 6091A267
                                                                                        Similarity
                                                                                        • API ID: sqlite3_value_text$sqlite3_value_bytes
                                                                                        • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                                        • API String ID: 4080917175-264706735
                                                                                        • Opcode ID: e5bda90e0e0ba1860c41bc069fb20e3a267b2c9271c0a370806f06164fd47fa4
                                                                                        • Instruction ID: 7e7232241edcba55bc41816b79a09feadaac9d75cc2fb544db44a2248cbef301
                                                                                        • Opcode Fuzzy Hash: e5bda90e0e0ba1860c41bc069fb20e3a267b2c9271c0a370806f06164fd47fa4
                                                                                        • Instruction Fuzzy Hash: A4214C74A182198BCB00DF79C88165EBBF6FF64354B108AA9E864DB344E734DCC6CB95
                                                                                        APIs
                                                                                          • Part of subcall function 6092506E: sqlite3_log.SQLITE3 ref: 609250AB
                                                                                        • sqlite3_mutex_enter.SQLITE3 ref: 609250E7
                                                                                        • sqlite3_value_text16.SQLITE3 ref: 60925100
                                                                                        • sqlite3_value_text16.SQLITE3 ref: 6092512C
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 6092513E
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: sqlite3_value_text16$sqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                                                                        • String ID: library routine called out of sequence$out of memory
                                                                                        • API String ID: 2019783549-3029887290
                                                                                        • Opcode ID: bf8b25fefa583efc99e02b0fe9019e927645d1a19242a42ec125398c6bed8d9e
                                                                                        • Instruction ID: f6310061860eb79c45c0a7b6efb00bde58ba827c5a391e7df96a4cb3fbc4cfa9
                                                                                        • Opcode Fuzzy Hash: bf8b25fefa583efc99e02b0fe9019e927645d1a19242a42ec125398c6bed8d9e
                                                                                        • Instruction Fuzzy Hash: 81014C70A083049BDB14AF69C9C170EBBE6BF64248F0488A9EC958F30EE775D8818B51
                                                                                        APIs
                                                                                        • sqlite3_finalize.SQLITE3 ref: 609406E3
                                                                                          • Part of subcall function 6094064B: sqlite3_log.SQLITE3 ref: 60940672
                                                                                          • Part of subcall function 6094064B: sqlite3_log.SQLITE3 ref: 60940696
                                                                                        • sqlite3_free.SQLITE3 ref: 609406F7
                                                                                        • sqlite3_free.SQLITE3 ref: 60940705
                                                                                        • sqlite3_free.SQLITE3 ref: 60940713
                                                                                        • sqlite3_free.SQLITE3 ref: 6094071E
                                                                                        • sqlite3_free.SQLITE3 ref: 60940729
                                                                                        • sqlite3_free.SQLITE3 ref: 6094073C
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$sqlite3_log$sqlite3_finalize
                                                                                        • String ID:
                                                                                        • API String ID: 1159759059-0
                                                                                        • Opcode ID: 19269ae46022e444f8470c890b78f38089a522c4155da373e534dfec766a18bc
                                                                                        • Instruction ID: 8ceab58ab7f3fb7faec85fb80e78016d1f3d655de586deaf1cb04ee1bc4e3406
                                                                                        • Opcode Fuzzy Hash: 19269ae46022e444f8470c890b78f38089a522c4155da373e534dfec766a18bc
                                                                                        • Instruction Fuzzy Hash: C801E8B45447108BDB00AF78C4C5A59BBE5EF79B18F06096DECCA8B305D734D8809B91
                                                                                        APIs
                                                                                        • sqlite3_free.SQLITE3(?), ref: 609476DD
                                                                                          • Part of subcall function 60904423: sqlite3_mutex_leave.SQLITE3(6090449D,?,?,?,60908270), ref: 60904446
                                                                                        • sqlite3_log.SQLITE3 ref: 609498F5
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: sqlite3_freesqlite3_logsqlite3_mutex_leave
                                                                                        • String ID: List of tree roots: $d$|
                                                                                        • API String ID: 3709608969-1164703836
                                                                                        • Opcode ID: 316fa83f4dc1e403b3b617744d66ff6f9af545e53e2752a9ff9486d467efffaf
                                                                                        • Instruction ID: c91562837ba2d96ae21b52ab8334c840e7cbe23d8154f1acff92b465618a0bd4
                                                                                        • Opcode Fuzzy Hash: 316fa83f4dc1e403b3b617744d66ff6f9af545e53e2752a9ff9486d467efffaf
                                                                                        • Instruction Fuzzy Hash: 3FE10570A043698BDB22CF18C88179DFBBABF65304F1185D9E858AB251D775DE81CF81
                                                                                        APIs
                                                                                          • Part of subcall function 6095FFB2: sqlite3_bind_int64.SQLITE3 ref: 6095FFFA
                                                                                          • Part of subcall function 6095FFB2: sqlite3_step.SQLITE3 ref: 60960009
                                                                                          • Part of subcall function 6095FFB2: sqlite3_reset.SQLITE3 ref: 60960019
                                                                                          • Part of subcall function 6095FFB2: sqlite3_result_error_code.SQLITE3 ref: 60960043
                                                                                        • sqlite3_column_int64.SQLITE3 ref: 609600BA
                                                                                        • sqlite3_column_text.SQLITE3 ref: 609600EF
                                                                                        • sqlite3_free.SQLITE3 ref: 6096029A
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: sqlite3_bind_int64sqlite3_column_int64sqlite3_column_textsqlite3_freesqlite3_resetsqlite3_result_error_codesqlite3_step
                                                                                        • String ID: e
                                                                                        • API String ID: 786425071-4024072794
                                                                                        • Opcode ID: 373422d03c3c71c2ddc35291c61dfb2213fd8f263c0b9a30c36f02d650250dc2
                                                                                        • Instruction ID: e80500568aa73e744b5c90812a7938b6c4ac38b40afb48beb036dafaf3e7d002
                                                                                        • Opcode Fuzzy Hash: 373422d03c3c71c2ddc35291c61dfb2213fd8f263c0b9a30c36f02d650250dc2
                                                                                        • Instruction Fuzzy Hash: 6291E270A18609CFDB04CF99C494B9EBBF2BF98314F108529E869AB354D774E885CF91
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: sqlite3_exec
                                                                                        • String ID: sqlite_master$sqlite_temp_master$|
                                                                                        • API String ID: 2141490097-2247242311
                                                                                        • Opcode ID: 0e32379bf9c90bcee3e658b343db186d73978ee403121efd96d42beb4ff38922
                                                                                        • Instruction ID: 9143400cfb6dc20a8edc2ca7c04099347fc9d468871a1d2187ae3123f936d49a
                                                                                        • Opcode Fuzzy Hash: 0e32379bf9c90bcee3e658b343db186d73978ee403121efd96d42beb4ff38922
                                                                                        • Instruction Fuzzy Hash: C551B6B09083289BDB26CF18C885799BBFABF59304F108599E498A7351D775DA84CF41
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$memcmpsqlite3_realloc
                                                                                        • String ID:
                                                                                        • API String ID: 3422960571-0
                                                                                        • Opcode ID: 50eda45380483794e32bdd730fc6b6b580c41d30328003452ec2c22d7d846426
                                                                                        • Instruction ID: 3b390e38dde49c5924589a602beaf2ee173d98914be71c714148da16d267e2cf
                                                                                        • Opcode Fuzzy Hash: 50eda45380483794e32bdd730fc6b6b580c41d30328003452ec2c22d7d846426
                                                                                        • Instruction Fuzzy Hash: 42B1D0B4E142189BEB05CFA9C5807DDBBF6BFA8304F148429E858A7344D374E946CF91
                                                                                        APIs
                                                                                          • Part of subcall function 6090A0D5: sqlite3_free.SQLITE3 ref: 6090A118
                                                                                        • sqlite3_malloc.SQLITE3 ref: 6094B1D1
                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6094B24C
                                                                                        • sqlite3_malloc.SQLITE3 ref: 6094B272
                                                                                        • sqlite3_value_blob.SQLITE3 ref: 6094B298
                                                                                        • sqlite3_free.SQLITE3 ref: 6094B2C8
                                                                                          • Part of subcall function 6094A894: sqlite3_bind_int64.SQLITE3 ref: 6094A8C0
                                                                                          • Part of subcall function 6094A894: sqlite3_step.SQLITE3 ref: 6094A8CE
                                                                                          • Part of subcall function 6094A894: sqlite3_column_int64.SQLITE3 ref: 6094A8E9
                                                                                          • Part of subcall function 6094A894: sqlite3_reset.SQLITE3 ref: 6094A90F
                                                                                        Similarity
                                                                                        • API ID: sqlite3_freesqlite3_malloc$sqlite3_bind_int64sqlite3_column_int64sqlite3_resetsqlite3_stepsqlite3_value_blobsqlite3_value_bytes
                                                                                        • String ID:
                                                                                        • API String ID: 683514883-0
                                                                                        APIs
                                                                                        • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A200
                                                                                        • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A391
                                                                                        • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A3A3
                                                                                        • sqlite3_free.SQLITE3 ref: 6093A3BA
                                                                                        • sqlite3_free.SQLITE3 ref: 6093A3C2
                                                                                          • Part of subcall function 6093A0C5: sqlite3_mutex_enter.SQLITE3 ref: 6093A114
                                                                                          • Part of subcall function 6093A0C5: sqlite3_mutex_free.SQLITE3 ref: 6093A152
                                                                                          • Part of subcall function 6093A0C5: sqlite3_mutex_leave.SQLITE3 ref: 6093A162
                                                                                          • Part of subcall function 6093A0C5: sqlite3_free.SQLITE3 ref: 6093A1A4
                                                                                          • Part of subcall function 6093A0C5: sqlite3_free.SQLITE3 ref: 6093A1C3
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$sqlite3_mutex_leave$sqlite3_mutex_free$sqlite3_mutex_enter
                                                                                        • String ID:
                                                                                        • API String ID: 1903298374-0
                                                                                        APIs
                                                                                          • Part of subcall function 60904396: sqlite3_mutex_try.SQLITE3(?,?,?,60908235), ref: 609043B8
                                                                                        • sqlite3_mutex_enter.SQLITE3 ref: 6093A114
                                                                                        • sqlite3_mutex_free.SQLITE3 ref: 6093A152
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 6093A162
                                                                                        • sqlite3_free.SQLITE3 ref: 6093A1A4
                                                                                        • sqlite3_free.SQLITE3 ref: 6093A1C3
                                                                                        Similarity
                                                                                        • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_mutex_freesqlite3_mutex_leavesqlite3_mutex_try
                                                                                        • String ID:
                                                                                        • API String ID: 1894464702-0
                                                                                        APIs
                                                                                          • Part of subcall function 60925326: sqlite3_log.SQLITE3 ref: 60925352
                                                                                        • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,609254CC), ref: 6092538E
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 609253C4
                                                                                        • sqlite3_log.SQLITE3 ref: 609253E2
                                                                                        • sqlite3_log.SQLITE3 ref: 60925406
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 60925443
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log$sqlite3_mutex_leave$sqlite3_mutex_enter
                                                                                        • String ID:
                                                                                        • API String ID: 3336957480-0
                                                                                        APIs
                                                                                        • sqlite3_result_blob.SQLITE3 ref: 609613D0
                                                                                        • sqlite3_column_int.SQLITE3 ref: 6096143A
                                                                                        • sqlite3_data_count.SQLITE3 ref: 60961465
                                                                                        • sqlite3_column_value.SQLITE3 ref: 60961476
                                                                                        • sqlite3_result_value.SQLITE3 ref: 60961482
                                                                                        Similarity
                                                                                        • API ID: sqlite3_column_intsqlite3_column_valuesqlite3_data_countsqlite3_result_blobsqlite3_result_value
                                                                                        • String ID:
                                                                                        • API String ID: 3091402450-0
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                                                                        • String ID:
                                                                                        • API String ID: 251237202-0
                                                                                        APIs
                                                                                        • sqlite3_aggregate_context.SQLITE3 ref: 6091A31E
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A349
                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A356
                                                                                        • sqlite3_value_text.SQLITE3 ref: 6091A37B
                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A387
                                                                                        Similarity
                                                                                        • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_aggregate_context
                                                                                        • String ID:
                                                                                        • API String ID: 4225432645-0
                                                                                        APIs
                                                                                        • sqlite3_mutex_enter.SQLITE3(?,-00000200,?), ref: 6090359D
                                                                                        • sqlite3_mutex_leave.SQLITE3(?,-00000200,?), ref: 609035E0
                                                                                        • sqlite3_mutex_enter.SQLITE3(?,-00000200,?), ref: 609035F9
                                                                                        • sqlite3_mutex_leave.SQLITE3(?,-00000200,?), ref: 60903614
                                                                                        • sqlite3_free.SQLITE3(?,-00000200,?), ref: 6090361C
                                                                                        Similarity
                                                                                        • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                                                                        • String ID:
                                                                                        • API String ID: 251237202-0
                                                                                        APIs
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log
                                                                                        • String ID: ($string or blob too big$|
                                                                                        • API String ID: 632333372-2398534278
                                                                                        APIs
                                                                                        Strings
Similarity
• API ID: sqlite3_stricmp
• String ID: BINARY
• API String ID: 912767213-907554435
• Opcode ID: dd54eeba7b99beb4c129e1ce0ebb3c97c4d31291de79a9977aa1c0a9ff3222ee
• Instruction ID: 142a1e9d4f1e8552d2c1f4074703eb5ae9f1e70d76b7ded3e689f9c37387bea1
• Opcode Fuzzy Hash: dd54eeba7b99beb4c129e1ce0ebb3c97c4d31291de79a9977aa1c0a9ff3222ee
• Instruction Fuzzy Hash: 11512AB8A142159FCF05CF68D580A9EBBFBBFA9314F208569D855AB318D335EC41CB90
Similarity
• API ID: Virtual$Protect$Query
• String ID: @
• API String ID: 3618607426-2766056989
• Opcode ID: a11a59528d98c4ff7ad69dfbc7d520f68a8f714e9ef4c31244658d91e7757f1c
• Instruction ID: 11fd3fd6c91f2e29dbdaed7331fdf7a08ef8f1da01c53322037319a40d79a89e
• Opcode Fuzzy Hash: a11a59528d98c4ff7ad69dfbc7d520f68a8f714e9ef4c31244658d91e7757f1c
• Instruction Fuzzy Hash: 003141B5E15208AFEB14DFA9D48158EFFF5EF99254F10852AE868E3310E371D940CB52
APIs
• sqlite3_malloc.SQLITE3 ref: 60928353
  • Part of subcall function 60916FBA: sqlite3_initialize.SQLITE3(60912743,?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5), ref: 60916FC4
• sqlite3_realloc.SQLITE3 ref: 609283A0
• sqlite3_free.SQLITE3 ref: 609283B6
Similarity
• API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_realloc
• String ID: d
• API String ID: 211589378-2564639436
• Opcode ID: 4c34ce46e3d0a3d1d3def0d8ad382c8948c40f702370fc4fcdce263753dde11a
• Instruction ID: 0830c2115c9ea807631a831f7f1165b0ee40d8a8a94356aa67113494a68d5982
• Opcode Fuzzy Hash: 4c34ce46e3d0a3d1d3def0d8ad382c8948c40f702370fc4fcdce263753dde11a
• Instruction Fuzzy Hash: 222137B0A04205CFDB14DF59D4C078ABBF6FF69314F158469D8889B309E3B8E841CBA1
Similarity
• API ID: AddressHandleModuleProc
• String ID: _Jv_RegisterClasses$libgcj-11.dll
• API String ID: 1646373207-2713375476
• Opcode ID: 84d528d321f1eea6d8a1b68cb749bb1a2441192a5c5952381cf667fabd413772
• Instruction ID: e6822cb61b404b68644b44a252d8259deade1a358cfa59fcc717d95409d4d83a
• Opcode Fuzzy Hash: 84d528d321f1eea6d8a1b68cb749bb1a2441192a5c5952381cf667fabd413772
• Instruction Fuzzy Hash: 0DE04F7062D30586FB443F794D923297AEB5F72549F00081CD9929B240EBB4D440D753
Similarity
• API ID: sqlite3_free
• String ID:
• API String ID: 2313487548-0
• Opcode ID: 17c4197e66eccf8e4e539c70c01e6b2d08fb8491bcf73b2b2b780fd64eb57762
• Instruction ID: 4e09bb13dd5a3c3c1d339de95b14bc5918580ae4e3dbdcf066e72e084d482625
• Opcode Fuzzy Hash: 17c4197e66eccf8e4e539c70c01e6b2d08fb8491bcf73b2b2b780fd64eb57762
• Instruction Fuzzy Hash: 15E14674928209EFDB04CF94D184B9EBBB2FF69304F208558D8956B259D774EC86CF81
Similarity
• API ID:
• String ID: sqlite_master$sqlite_sequence$sqlite_temp_master
• API String ID: 0-1177837799
• Opcode ID: b45b6970ebe54efa46efcb65f0e1138f7cff2b55d537d73117a3441f01693427
• Instruction ID: e5240d50caebec33bd4ce83d4b9fb982fe545a794019e3d400788b6e3ec19482
• Opcode Fuzzy Hash: b45b6970ebe54efa46efcb65f0e1138f7cff2b55d537d73117a3441f01693427
• Instruction Fuzzy Hash: F7C13974B062089BDB05DF68D49179EBBF3AFA8308F14C42DE8899B345DB39D841CB41
Similarity
• API ID: sqlite3_freesqlite3_mallocsqlite3_value_bytessqlite3_value_text
• String ID:
• API String ID: 1648232842-0
• Opcode ID: 6f401334500cf3ce8937f97dce09bc9131fc1f686c7391f4db805f1c2cabf22c
• Instruction ID: a01add595a6c287de5924383f0ed77e5cc34082cd65fcd393cbe5beac3228527
• Opcode Fuzzy Hash: 6f401334500cf3ce8937f97dce09bc9131fc1f686c7391f4db805f1c2cabf22c
• Instruction Fuzzy Hash: 4531C0B4A042058FDB04DF29C094B5ABBE2FF98354F1484A9EC498F349D779E846CBA0
APIs
• sqlite3_step.SQLITE3 ref: 609614AB
• sqlite3_reset.SQLITE3 ref: 609614BF
  • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
  • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
• sqlite3_column_int64.SQLITE3 ref: 609614D4
Similarity
• API ID: sqlite3_column_int64sqlite3_mutex_entersqlite3_mutex_leavesqlite3_resetsqlite3_step
• String ID:
• API String ID: 3429445273-0
• Opcode ID: 44b7ea0f60ccad0bdb665534712f35195a3185c30aa33eaed9220a178cd48643
• Instruction ID: 62863439de2fabb71fd3664abc4fbfc11ff04353a6e6e3e42574d1c19fb7889d
• Opcode Fuzzy Hash: 44b7ea0f60ccad0bdb665534712f35195a3185c30aa33eaed9220a178cd48643
• Instruction Fuzzy Hash: AE316470A183408BEF15CF69C1C5749FBA6AFA7348F188599DC864F30AD375D884C752
Similarity
• API ID: sqlite3_snprintf$sqlite3_stricmpsqlite3_value_text
• String ID:
• API String ID: 1035992805-0
• Opcode ID: 213593095aed0ecc64844f89ed1f3878beaaf7633e295caa013ed5846923251b
• Instruction ID: 84d28b158f1a11e063f70be148de9c7b2eff514b3bcf7808f17aa895500be78a
• Opcode Fuzzy Hash: 213593095aed0ecc64844f89ed1f3878beaaf7633e295caa013ed5846923251b
• Instruction Fuzzy Hash: 8C3178B0A08324DFEB24CF28C481B4ABBF6FBA5318F04C499E4888B251C775D885DF42
APIs
• sqlite3_mutex_enter.SQLITE3(-00000200,?,?,6090B22B), ref: 609034D8
• sqlite3_mutex_leave.SQLITE3(-00000200,?,?,6090B22B), ref: 60903521
• sqlite3_mutex_enter.SQLITE3(-00000200,?,?,6090B22B), ref: 6090354A
• sqlite3_mutex_leave.SQLITE3(-00000200,?,?,6090B22B), ref: 60903563
Similarity
• API ID: sqlite3_mutex_entersqlite3_mutex_leave
• String ID:
• API String ID: 1477753154-0
• Opcode ID: cc0b0c4414a91b2c8747a1fff16426ed14613a144e31e5ae299e51467139190c
• Instruction ID: 848dca46e936c6e01d33e08870ae11aa620bd8b24bdb606da7ea596206f2e213
• Opcode Fuzzy Hash: cc0b0c4414a91b2c8747a1fff16426ed14613a144e31e5ae299e51467139190c
• Instruction Fuzzy Hash: 44111F726186218FDB00EF7DC8817597FEAFB66308F00842DE865E7362E779D8819741
APIs
• sqlite3_initialize.SQLITE3 ref: 6092A450
  • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
• sqlite3_mutex_enter.SQLITE3 ref: 6092A466
• sqlite3_mutex_leave.SQLITE3 ref: 6092A47F
• sqlite3_memory_used.SQLITE3 ref: 6092A4BA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_mutex_enter$sqlite3_initializesqlite3_memory_usedsqlite3_mutex_leave
                                                                                        • String ID:
                                                                                        • API String ID: 2673540737-0
                                                                                        • Opcode ID: 58333c90df1895ca2798dafcbab41657529afc007f85020e925d8580cfdcdfcb
                                                                                        • Instruction ID: c4988029ba64cfb2248a7cf0c790324acf4c13eb0f9cd3f15fdedc175ef3c91a
                                                                                        • Opcode Fuzzy Hash: 58333c90df1895ca2798dafcbab41657529afc007f85020e925d8580cfdcdfcb
                                                                                        • Instruction Fuzzy Hash: F9019276E143148BCB00EF79D88561ABFE7FBA5324F008528EC9497364E735DC408B81
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_value_text$sqlite3_freesqlite3_load_extension
                                                                                        • String ID:
                                                                                        • API String ID: 3526213481-0
                                                                                        • Opcode ID: e69664dddad2286ff6ed0cb1f1c7a121e5262b7aa8061cf10291ac83704fea4b
                                                                                        • Instruction ID: 98199466554994e62e20ad809be6129e3c08b78dd6d8c38fc18f61524e73aad2
                                                                                        • Opcode Fuzzy Hash: e69664dddad2286ff6ed0cb1f1c7a121e5262b7aa8061cf10291ac83704fea4b
                                                                                        • Instruction Fuzzy Hash: 4101E9B5A043059BCB00EF69D485AAFBBF5EF68654F10C529EC9497304E774D841CF91
                                                                                        APIs
                                                                                        • sqlite3_prepare.SQLITE3 ref: 60969166
                                                                                        • sqlite3_errmsg.SQLITE3 ref: 60969172
                                                                                          • Part of subcall function 609258A8: sqlite3_log.SQLITE3 ref: 609258E5
                                                                                        • sqlite3_errcode.SQLITE3 ref: 6096918A
                                                                                          • Part of subcall function 609251AA: sqlite3_log.SQLITE3 ref: 609251E8
                                                                                        • sqlite3_step.SQLITE3 ref: 60969197
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log$sqlite3_errcodesqlite3_errmsgsqlite3_preparesqlite3_step
                                                                                        • String ID:
                                                                                        • API String ID: 2877408194-0
                                                                                        • Opcode ID: 06185e76a961c89383dca1620ea17d5683e825aa4cba78efc797247d66345ea8
                                                                                        • Instruction ID: d4ebd4c9a05a553e526e78eaaf80584f3afcfe73b3175c4c6dada352db343273
                                                                                        • Opcode Fuzzy Hash: 06185e76a961c89383dca1620ea17d5683e825aa4cba78efc797247d66345ea8
                                                                                        • Instruction Fuzzy Hash: 9F0186B091C3059BE700EF29C88525DFBE9EFA5314F11892DA89987384E734C940CB86
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_freesqlite3_mprintfsqlite3_value_blobsqlite3_value_bytes
                                                                                        • String ID:
                                                                                        • API String ID: 1163609955-0
                                                                                        • Opcode ID: c446836a4840d302dbdc97fcf3f25a19881b43244be54ce00609cbc101420811
                                                                                        • Instruction ID: 8e0d1a1b7fe9adeaf330fda5a565ce202833de3a42fcd494fa905fee92021967
                                                                                        • Opcode Fuzzy Hash: c446836a4840d302dbdc97fcf3f25a19881b43244be54ce00609cbc101420811
                                                                                        • Instruction Fuzzy Hash: F6F0C8716282145FC3106F3994816697BE6DFA6758F0144A9F584CB314DB75CC82C742
                                                                                        APIs
                                                                                        • sqlite3_prepare_v2.SQLITE3 ref: 609615BA
                                                                                        • sqlite3_step.SQLITE3 ref: 609615C9
                                                                                        • sqlite3_column_int.SQLITE3 ref: 609615E1
                                                                                          • Part of subcall function 6091D4F4: sqlite3_value_int.SQLITE3 ref: 6091D50C
                                                                                        • sqlite3_finalize.SQLITE3 ref: 609615EE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_column_intsqlite3_finalizesqlite3_prepare_v2sqlite3_stepsqlite3_value_int
                                                                                        • String ID:
                                                                                        • API String ID: 4265739436-0
                                                                                        • Opcode ID: edb1a347b7ee41d63e69a54b369763b34702b79c0c254a7699785c0090147395
                                                                                        • Instruction ID: 970f7a8085286b868af170b9ae73916577c28f03d50975cfa6e3c5bd991c66ad
                                                                                        • Opcode Fuzzy Hash: edb1a347b7ee41d63e69a54b369763b34702b79c0c254a7699785c0090147395
                                                                                        • Instruction Fuzzy Hash: BE01E4B0D083049BEB10EF69C58575EFBF9EFA5314F00896DE8A997380E775D9408B82
                                                                                        APIs
                                                                                        • sqlite3_initialize.SQLITE3 ref: 6092A638
                                                                                          • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                                        • sqlite3_mutex_enter.SQLITE3 ref: 6092A64F
                                                                                        • strcmp.MSVCRT ref: 6092A66A
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 6092A67D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_mutex_enter$sqlite3_initializesqlite3_mutex_leavestrcmp
                                                                                        • String ID:
                                                                                        • API String ID: 1894734062-0
                                                                                        • Opcode ID: 1480f87154849f1cdf239baa72c9ff1b5e3c835899009c68b4affe8256d9fce5
                                                                                        • Instruction ID: 0dacd04717b96a229033e5bf385d74358d6efc238696297f04088f4a0acd15ee
                                                                                        • Opcode Fuzzy Hash: 1480f87154849f1cdf239baa72c9ff1b5e3c835899009c68b4affe8256d9fce5
                                                                                        • Instruction Fuzzy Hash: EBF0B4726243044BC7006F799CC164A7FAEEEB1298B05802CEC548B319EB35DC0297A1
                                                                                        APIs
                                                                                        • sqlite3_mutex_enter.SQLITE3 ref: 609084E9
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 60908518
                                                                                        • sqlite3_mutex_enter.SQLITE3 ref: 60908528
                                                                                        • sqlite3_mutex_leave.SQLITE3 ref: 6090855B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                        • String ID:
                                                                                        • API String ID: 1477753154-0
                                                                                        • Opcode ID: dbb0a767127359d75753d9f151f7b9e03affe710ab86404e29d94d971225fba8
                                                                                        • Instruction ID: c41a4d3f3efa942db11cbd34a9101edfe28f26dd6f673ba1da0d5803e4a0adbd
                                                                                        • Opcode Fuzzy Hash: dbb0a767127359d75753d9f151f7b9e03affe710ab86404e29d94d971225fba8
                                                                                        • Instruction Fuzzy Hash: FD01A4B05093048BDB40AF25C5D97CABBA5EF15718F0884BDEC894F34AD7B9D5448BA1
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log
                                                                                        • String ID: into$out of
                                                                                        • API String ID: 632333372-1114767565
                                                                                        • Opcode ID: 05e60a680804dc8d75cc30d301a58b6784d3cbcabfb13c7dcba40214300a3b29
                                                                                        • Instruction ID: de20b162988cb891a2f8fbcf22309076e3e21d241eadb06c465d82de9f0e8d92
                                                                                        • Opcode Fuzzy Hash: 05e60a680804dc8d75cc30d301a58b6784d3cbcabfb13c7dcba40214300a3b29
                                                                                        • Instruction Fuzzy Hash: 91910170A043149BDB26CF28C88175EBBBABF65308F0481E9E858AB355D7B5DE85CF41
                                                                                        APIs
                                                                                          • Part of subcall function 60918408: sqlite3_value_text.SQLITE3 ref: 60918426
                                                                                        • sqlite3_free.SQLITE3 ref: 609193A3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_freesqlite3_value_text
                                                                                        • String ID: (NULL)$NULL
                                                                                        • API String ID: 2175239460-873412390
                                                                                        • Opcode ID: 2d639d8f8789be8f4f2115c7e339461789bfa1512606a4b94e85873a15b94a2d
                                                                                        • Instruction ID: 63658e955800b40111a930d2026d12727b3b294c4be858d68b3f7c51d7abf176
                                                                                        • Opcode Fuzzy Hash: 2d639d8f8789be8f4f2115c7e339461789bfa1512606a4b94e85873a15b94a2d
                                                                                        • Instruction Fuzzy Hash: E3514B31F0825A8EEB258A68C89479DBBB6BF66304F1441E9C4A9AB241D7309DC6CF01
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                         • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                         • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log
                                                                                        • String ID: -- $d
                                                                                        • API String ID: 632333372-777087308
                                                                                        • Opcode ID: 2197877c990d2cc598be623123ad695ba2ed3a88a0fc98749b4c643aad0a3996
                                                                                        • Instruction ID: d45f625f7ed72e8bd0cbe86fb5af212c953cff4c7e5ffbb26f6c4a79540968e1
                                                                                        • Opcode Fuzzy Hash: 2197877c990d2cc598be623123ad695ba2ed3a88a0fc98749b4c643aad0a3996
                                                                                        • Instruction Fuzzy Hash: FB51F674A043689BDB26CF28C980789BBFABF55304F1481D9E89CAB341C7759E85CF40
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log
                                                                                        • String ID: string or blob too big$|
                                                                                        • API String ID: 632333372-330586046
                                                                                        • Opcode ID: b6301cf988e6664baaa8b4960c9a349f418ad1f33ca54faa928bbeacb0d503e6
                                                                                        • Instruction ID: 65a9847582dc10a4f4f17f1c4fc8d82f10366072c52f03016cacc5a11d353e3e
                                                                                        • Opcode Fuzzy Hash: b6301cf988e6664baaa8b4960c9a349f418ad1f33ca54faa928bbeacb0d503e6
                                                                                        • Instruction Fuzzy Hash: 4D51B9749083689BCB22CF28C985789BBF6BF59314F1086D9E49897351C775EE81CF41
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_log
                                                                                        • String ID: d$|
                                                                                        • API String ID: 632333372-415524447
                                                                                        • Opcode ID: b41da94c8e0873fb31ce46b9bf1ec845f2d469f37e36bd2a55cc8f8885e561b5
                                                                                        • Instruction ID: dac03e427e93f591f5d1737f90c886445feec93ea56e6f6f32424ebbe55d5cce
                                                                                        • Opcode Fuzzy Hash: b41da94c8e0873fb31ce46b9bf1ec845f2d469f37e36bd2a55cc8f8885e561b5
                                                                                        • Instruction Fuzzy Hash: 50510970A04329DBDB26CF19C981799BBBABF55308F0481D9E958AB341D735EE81CF41
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_logsqlite3_value_text
                                                                                        • String ID: string or blob too big
                                                                                        • API String ID: 2320820228-2803948771
                                                                                        • Opcode ID: 4552165c49a92a3f1eebbde7746405f837ee0ef0562a3825501d2540ddfe4a5c
                                                                                        • Instruction ID: 1f8da1134a73d261049fdcd83983d84c916c8a3f87851362e697cdb17b1d2bab
                                                                                        • Opcode Fuzzy Hash: 4552165c49a92a3f1eebbde7746405f837ee0ef0562a3825501d2540ddfe4a5c
                                                                                        • Instruction Fuzzy Hash: F631D9B0A083249BCB25DF28C881799B7FABF69304F0085DAE898A7301D775DE81CF45
                                                                                        APIs
                                                                                        • sqlite3_aggregate_context.SQLITE3 ref: 60914096
                                                                                        • sqlite3_value_numeric_type.SQLITE3 ref: 609140A2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_aggregate_contextsqlite3_value_numeric_type
                                                                                        • String ID:
                                                                                        • API String ID: 3265351223-3916222277
                                                                                        • Opcode ID: 46809e466d9dc696839b8d734d1d71a7cd961db8d22299a3a9f395bc6b436a6c
                                                                                        • Instruction ID: a3c0f903ff645dd1c5a8146eaa2078e963ad6c1b8d1bbf61d5d4caeb1888773d
                                                                                        • Opcode Fuzzy Hash: 46809e466d9dc696839b8d734d1d71a7cd961db8d22299a3a9f395bc6b436a6c
                                                                                        • Instruction Fuzzy Hash: 19119EB0A0C6589BDF059F69C4D539A7BF6AF39308F0044E8D8D08B205E771CD94CB81
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_stricmp
                                                                                        • String ID: log
                                                                                        • API String ID: 912767213-2403297477
                                                                                        • Opcode ID: 32625358f7d37366d1c1d188942de81712d107425b8b720a67b4b84d1adec0cd
                                                                                        • Instruction ID: cbf508da25866b0a35bc2ca480d64d7c482f0664b0359b741109bd545b4f9ff5
                                                                                        • Opcode Fuzzy Hash: 32625358f7d37366d1c1d188942de81712d107425b8b720a67b4b84d1adec0cd
                                                                                        • Instruction Fuzzy Hash: FD11DAB07087048BE725AF66C49535EBBB3ABA1708F10C42CE4854B784C7BAC986DB42
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_strnicmp
                                                                                        • String ID: SQLITE_
                                                                                        • API String ID: 1961171630-787686576
                                                                                        • Opcode ID: 6b56a851e7df47422a7a29131339b4dfcb3302745a705f9abe90012807219487
                                                                                        • Instruction ID: 6d5ef3c0fd507030b5e8170497320435726bf3f0db30f2d6f2734bcd7f756fb3
                                                                                        • Opcode Fuzzy Hash: 6b56a851e7df47422a7a29131339b4dfcb3302745a705f9abe90012807219487
                                                                                        • Instruction Fuzzy Hash: 2501D6B190C3505FD7419F29CC8075BBFFAEBA5258F10486DE89687212D374DC81D781
                                                                                        APIs
                                                                                        • sqlite3_value_bytes.SQLITE3 ref: 6091A1DB
                                                                                        • sqlite3_value_blob.SQLITE3 ref: 6091A1FA
                                                                                        Strings
                                                                                        • Invalid argument to rtreedepth(), xrefs: 6091A1E3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_value_blobsqlite3_value_bytes
                                                                                        • String ID: Invalid argument to rtreedepth()
                                                                                        • API String ID: 1063208240-2843521569
                                                                                        • Opcode ID: 11a8b631faa983fdd1b04a57150add771201859657fb9a8a7ca9793758d49f10
                                                                                        • Instruction ID: c9489564a96cd83e586e3a08c251b8a8c74d553169181c25a19da25ffef599d7
                                                                                        • Opcode Fuzzy Hash: 11a8b631faa983fdd1b04a57150add771201859657fb9a8a7ca9793758d49f10
                                                                                        • Instruction Fuzzy Hash: 0FF0A4B2A0C2589BDB00AF2CC88255577A6FF24258F1045D9E9858F306EB34DDD5C7D1
                                                                                        APIs
                                                                                        • sqlite3_soft_heap_limit64.SQLITE3 ref: 609561D7
                                                                                          • Part of subcall function 6092A43E: sqlite3_initialize.SQLITE3 ref: 6092A450
                                                                                          • Part of subcall function 6092A43E: sqlite3_mutex_enter.SQLITE3 ref: 6092A466
                                                                                          • Part of subcall function 6092A43E: sqlite3_mutex_leave.SQLITE3 ref: 6092A47F
                                                                                          • Part of subcall function 6092A43E: sqlite3_memory_used.SQLITE3 ref: 6092A4BA
                                                                                        • sqlite3_soft_heap_limit64.SQLITE3 ref: 609561EB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                        • Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                        • Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                        Similarity
                                                                                        • API ID: sqlite3_soft_heap_limit64$sqlite3_initializesqlite3_memory_usedsqlite3_mutex_entersqlite3_mutex_leave
                                                                                        • String ID: soft_heap_limit
                                                                                        • API String ID: 1251656441-405162809
                                                                                        • Opcode ID: 0a3178e3d5348c0d1dba646aca47308acc52713326f376e4eba91e5107f5ba07
                                                                                        • Instruction ID: 8891d4bbc0f5aef5547f00e3070395c34840fc2012d087b050684f6162b0ba7d
                                                                                        • Opcode Fuzzy Hash: 0a3178e3d5348c0d1dba646aca47308acc52713326f376e4eba91e5107f5ba07
                                                                                        • Instruction Fuzzy Hash: C2014B71A083188BC710EF98D8417ADB7F2BFA5318F508629E8A49B394D730DC42CF41
                                                                                        APIs
                                                                                        • sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6094A57F), ref: 6092522A
                                                                                        • sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6094A57F), ref: 60925263
                                                                                        Strings
                                                                                        Memory Dump Source
• Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_log
• String ID: NULL
• API String ID: 632333372-324932091
• Opcode ID: f56f6a0e8a895df1b0101c46b9851dc3af9ce5b0d95800d46be4b721d61d1ab1
• Instruction ID: 5a36de60e8574ea04015b231464f09686a41744340efbe7a8a869d8181b3dc96
• Opcode Fuzzy Hash: f56f6a0e8a895df1b0101c46b9851dc3af9ce5b0d95800d46be4b721d61d1ab1
• Instruction Fuzzy Hash: BAF0A070238301DBD7102FA6E44230E7AEBABB0798F48C43C95A84F289D7B5C844CB63
APIs
Memory Dump Source
• Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: CriticalSection$EnterLeavefree
• String ID:
• API String ID: 4020351045-0
• Opcode ID: 13d179c58506242de641c1793229aaf6d73ae3266bd26a3d41fb94aeb54caf06
• Instruction ID: 980a39aab3b848caec2c27f45d5308e77b440585e3cd6ccd446b63c63d51e1b6
• Opcode Fuzzy Hash: 13d179c58506242de641c1793229aaf6d73ae3266bd26a3d41fb94aeb54caf06
• Instruction Fuzzy Hash: 2D018070B293058BDB10DF28C985919BBFBABB6308B20855CE499D7355D770DC80EB62
APIs
• EnterCriticalSection.KERNEL32(?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4DF
• TlsGetValue.KERNEL32(?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4F5
• GetLastError.KERNEL32(?,?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4FD
• LeaveCriticalSection.KERNEL32(?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D520
Memory Dump Source
• Source File: 00000005.00000002.3320942221.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3320909408.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321086317.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321163894.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321265084.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321295099.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3321335605.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: CriticalSection$EnterErrorLastLeaveValue
• String ID:
• API String ID: 682475483-0
• Opcode ID: 79e4c3a08b5363d98cc33068bb7bbdcd271105d9d9d9c252471cf05fac27a945
• Instruction ID: 6dd43474153c21470d2d90641e64b96ed0da30414b2d41baa8b5e8831fa3fcb2
• Opcode Fuzzy Hash: 79e4c3a08b5363d98cc33068bb7bbdcd271105d9d9d9c252471cf05fac27a945
• Instruction Fuzzy Hash: 9AF0F972A163104BEB10AF659CC1A5A7BFDEFB1218F100048FC6197354E770DC40D6A2