
Windows Analysis Report
Ni2ghr9eUJ.exe

Overview

General Information

Sample name: Ni2ghr9eUJ.exe
(renamed because the original name is a hash value)
Original sample name: c7df4c7117c0ea3fc75667d1b09db5e8.exe
Analysis ID: 1574298
MD5: c7df4c7117c0ea3fc75667d1b09db5e8
SHA1: d1adda0415be3e1499bd41cc45db354026d1a499
SHA256: 1f8b6dd65f2ce836562b17f850644b7c0d265f5c770f65ccfcc4481e9e3b02dc
Tags: exe, user-abuse_ch

Detection

Socks5Systemz
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for submitted file
Yara detected Socks5Systemz
AI detected suspicious sample
Contains functionality to infect the boot sector
Found API chain indicative of debugger detection
Machine Learning detection for dropped file
Uses schtasks.exe or at.exe to add and modify task schedules
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Ni2ghr9eUJ.exe (PID: 524 cmdline: "C:\Users\user\Desktop\Ni2ghr9eUJ.exe" MD5: C7DF4C7117C0EA3FC75667D1B09DB5E8)
    • Ni2ghr9eUJ.tmp (PID: 6136 cmdline: "C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp" /SL5="$1042C,3770460,54272,C:\Users\user\Desktop\Ni2ghr9eUJ.exe" MD5: B4D4F779EA9E1F6AC0828B0B21EE319A)
      • schtasks.exe (PID: 2848 cmdline: "C:\Windows\system32\schtasks.exe" /Delete /F /TN "video_minimizer_12125" MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 2872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • videominimizer32.exe (PID: 6448 cmdline: "C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe" -i MD5: 624F0DE58BEEA53641A6304AE005CB48)
  • svchost.exe (PID: 7816 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
Yara matches (Source | Rule | Description | Author):
C:\ProgramData\EarnPackage\EarnPackage.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
C:\Users\user\AppData\Local\Video Minimizer 1.77\is-9HUFF.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

Yara matches (Source | Rule | Description | Author):
00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security
00000005.00000002.3479884889.00000000027B7000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security
00000005.00000000.2238211582.0000000000401000.00000020.00000001.01000000.00000009.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
Process Memory Space: videominimizer32.exe PID: 6448 | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security

Yara matches (Source | Rule | Description | Author):
5.0.videominimizer32.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7816, ProcessName: svchost.exe

                  AV Detection

Source: Ni2ghr9eUJ.exe, Virustotal: Detection: 29%
Source: Ni2ghr9eUJ.exe, ReversingLabs: Detection: 26%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.5% probability
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe, Joe Sandbox ML: detected
Source: C:\ProgramData\EarnPackage\EarnPackage.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Code function: 1_2_0045CFD8 GetProcAddress,GetProcAddress,GetProcAddress,ISCryptGetVersion,1_2_0045CFD8
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Code function: 1_2_0045D08C ArcFourCrypt,1_2_0045D08C
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Code function: 1_2_0045D0A4 ArcFourCrypt,1_2_0045D0A4
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Code function: 1_2_10001000 ISCryptGetVersion,1_2_10001000
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Code function: 1_2_10001130 ArcFourCrypt,1_2_10001130

                  Compliance

Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe, Unpacked PE file: 5.2.videominimizer32.exe.400000.0.unpack
Source: Ni2ghr9eUJ.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Minimizer_is1
Source: unknown, HTTPS traffic detected: 188.119.66.185:443 -> 192.168.2.6:49875 version: TLS 1.2
Source: Binary string: msvcp71.pdbx# source: is-I0AOJ.tmp.1.dr
Source: Binary string: msvcr71.pdb< source: is-2K79T.tmp.1.dr
Source: Binary string: msvcp71.pdb source: is-I0AOJ.tmp.1.dr
Source: Binary string: MicrosoftWindowsGdiPlus-1.0.2600.1360-gdiplus.pdb source: is-9H04M.tmp.1.dr
Source: Binary string: msvcr71.pdb source: is-2K79T.tmp.1.dr
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Code function: 1_2_00452A60 FindFirstFileA,GetLastError,1_2_00452A60
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Code function: 1_2_00474DFC FindFirstFileA,FindNextFileA,FindClose,1_2_00474DFC
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Code function: 1_2_004625C4 FindFirstFileA,FindNextFileA,FindClose,1_2_004625C4
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Code function: 1_2_00463B50 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00463B50
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Code function: 1_2_00497C14 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,1_2_00497C14
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp, Code function: 1_2_00463FCC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00463FCC
Source: global traffic, TCP traffic: 192.168.2.6:49881 -> 31.214.157.206:2024
Source: Joe Sandbox View, IP Address: 31.214.157.206
Source: Joe Sandbox View, IP Address: 188.119.66.185
Source: Joe Sandbox View, JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Network traffic, Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.6:49896 -> 188.119.66.185:443
Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49875 -> 188.119.66.185:443
Source: global traffic, HTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b82a8dcd6c946851e30088883250aa15dd05633775b0e650f2ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda33231dd0348c HTTP/1.1, User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US), Host: 188.119.66.185
Source: global traffic, HTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1, User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US), Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: global trafficHTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)Host: 188.119.66.185
                  Source: unknown | TCP traffic detected without corresponding DNS query: 188.119.66.185
                  Source: unknown | TCP traffic detected without corresponding DNS query: 31.214.157.206
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CD369A InterlockedIncrement,WSARecv,WSAGetLastError,5_2_02CD369A
                  Source: global traffic | HTTP traffic detected: GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b82a8dcd6c946851e30088883250aa15dd05633775b0e650f2ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda33231dd0348c HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US) | Host: 188.119.66.185
                  Source: svchost.exe, 0000000B.00000002.3480550856.000002069ECCE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.ver)
                  Source: qmgr.db.11.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                  Source: qmgr.db.11.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5
                  Source: qmgr.db.11.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                  Source: qmgr.db.11.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                  Source: qmgr.db.11.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                  Source: qmgr.db.11.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                  Source: qmgr.db.11.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                  Source: qmgr.db.11.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                  Source: videominimizer32.exe, 00000005.00000000.2244065808.00000000004D5000.00000002.00000001.01000000.00000009.sdmp, videominimizer32.exe.1.dr, EarnPackage.exe.5.dr, is-9HUFF.tmp.1.dr | String found in binary or memory: http://liba52.sourceforge.net/B6.4.0.1
                  Source: videominimizer32.exe, 00000005.00000000.2244065808.00000000004D5000.00000002.00000001.01000000.00000009.sdmp, videominimizer32.exe.1.dr, EarnPackage.exe.5.dr, is-9HUFF.tmp.1.dr | String found in binary or memory: http://www.audiocoding.com/
                  Source: Ni2ghr9eUJ.tmp, Ni2ghr9eUJ.tmp, 00000001.00000000.2222521970.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-RU19P.tmp.1.dr, Ni2ghr9eUJ.tmp.0.dr | String found in binary or memory: http://www.innosetup.com/
                  Source: Ni2ghr9eUJ.exe, 00000000.00000003.2221763825.0000000002390000.00000004.00001000.00020000.00000000.sdmp, Ni2ghr9eUJ.exe, 00000000.00000003.2221914011.0000000002168000.00000004.00001000.00020000.00000000.sdmp, Ni2ghr9eUJ.tmp, Ni2ghr9eUJ.tmp, 00000001.00000000.2222521970.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-RU19P.tmp.1.dr, Ni2ghr9eUJ.tmp.0.dr | String found in binary or memory: http://www.remobjects.com/ps
                  Source: Ni2ghr9eUJ.exe, 00000000.00000003.2221763825.0000000002390000.00000004.00001000.00020000.00000000.sdmp, Ni2ghr9eUJ.exe, 00000000.00000003.2221914011.0000000002168000.00000004.00001000.00020000.00000000.sdmp, Ni2ghr9eUJ.tmp, 00000001.00000000.2222521970.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-RU19P.tmp.1.dr, Ni2ghr9eUJ.tmp.0.dr | String found in binary or memory: http://www.remobjects.com/psU
                  Source: videominimizer32.exe, 00000005.00000000.2244065808.00000000004D5000.00000002.00000001.01000000.00000009.sdmp, videominimizer32.exe.1.dr, EarnPackage.exe.5.dr, is-9HUFF.tmp.1.dr | String found in binary or memory: http://www.videolan.org/dtsdec.html96.4.0.2
                  Source: videominimizer32.exe, 00000005.00000002.3477089915.00000000009C3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/
                  Source: videominimizer32.exe, 00000005.00000002.3481471706.000000000335F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/.
                  Source: videominimizer32.exe, 00000005.00000002.3481471706.000000000335F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/0
                  Source: videominimizer32.exe, 00000005.00000002.3481471706.000000000335F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/7
                  Source: videominimizer32.exe, 00000005.00000002.3481471706.000000000335F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/9
                  Source: videominimizer32.exe, 00000005.00000002.3481471706.000000000335F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/A
                  Source: videominimizer32.exe, 00000005.00000002.3477089915.00000000009D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/C
                  Source: videominimizer32.exe, 00000005.00000002.3477089915.00000000009D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/G
                  Source: videominimizer32.exe, 00000005.00000002.3481471706.000000000335F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/J
                  Source: videominimizer32.exe, 00000005.00000002.3481471706.000000000335F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/S
                  Source: videominimizer32.exe, 00000005.00000002.3477089915.00000000009D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/U
                  Source: videominimizer32.exe, 00000005.00000002.3481471706.000000000335F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ae14615677411efa3231e72eee
                  Source: videominimizer32.exe, 00000005.00000002.3477089915.00000000009D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b82a8dcd6c946851e3008888325
                  Source: videominimizer32.exe, 00000005.00000002.3477089915.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4
                  Source: videominimizer32.exe, 00000005.00000002.3481471706.000000000335F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a4yKP
                  Source: videominimizer32.exe, 00000005.00000002.3481471706.000000000335F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/ai/?key=8f3f2b3ae14615677YK0
                  Source: videominimizer32.exe, 00000005.00000002.3477089915.00000000009C3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/en-GB
                  Source: videominimizer32.exe, 00000005.00000002.3477089915.00000000009C3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/en-US
                  Source: videominimizer32.exe, 00000005.00000002.3477089915.00000000009C3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/priseCertificates
                  Source: videominimizer32.exe, 00000005.00000002.3477089915.00000000009D6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://188.119.66.185/rosoft
                  Source: qmgr.db.11.dr | String found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
                  Source: svchost.exe, 0000000B.00000003.2411746822.00000206A42A0000.00000004.00000800.00020000.00000000.sdmp, edb.log.11.dr | String found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
                  Source: Ni2ghr9eUJ.exe, 00000000.00000002.3477154026.0000000002161000.00000004.00001000.00020000.00000000.sdmp, Ni2ghr9eUJ.exe, 00000000.00000003.2221401971.0000000002390000.00000004.00001000.00020000.00000000.sdmp, Ni2ghr9eUJ.exe, 00000000.00000003.2221464661.0000000002161000.00000004.00001000.00020000.00000000.sdmp, Ni2ghr9eUJ.tmp, 00000001.00000002.3476772874.00000000007C5000.00000004.00000020.00020000.00000000.sdmp, Ni2ghr9eUJ.tmp, 00000001.00000003.2223784499.0000000002198000.00000004.00001000.00020000.00000000.sdmp, Ni2ghr9eUJ.tmp, 00000001.00000002.3478030727.0000000002198000.00000004.00001000.00020000.00000000.sdmp, Ni2ghr9eUJ.tmp, 00000001.00000003.2223695416.00000000030F0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://www.easycutstudio.com/support.html
                  Source: unknownHTTPS traffic detected: 188.119.66.185:443 -> 192.168.2.6:49875 version: TLS 1.2
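The sandbox emits one row per direction for every TCP session, so the port list above reads as noise until the two directions are paired back together. The following is an added example, not part of the Joe Sandbox report or of the sample: it pairs the "HTTP traffic on port A -> B" rows by client port, separates sessions seen in both directions from one-sided ones, and pulls the only server identity the section exposes (the single TLS row). The sample input is a constructed subset of the rows above; the pairing rules are this example's own.

```python
"""Pair the report's per-direction 'HTTP traffic on port A -> B' rows into sessions."""
import re

# Constructed sample: a subset of the network rows listed above, copied in the
# report's own unordered sequence, plus the single TLS row that names the server.
REPORT_ROWS = """\
Network traffic detected: HTTP traffic on port 49896 -> 443
Network traffic detected: HTTP traffic on port 443 -> 50037
Network traffic detected: HTTP traffic on port 50031 -> 443
Network traffic detected: HTTP traffic on port 443 -> 49917
Network traffic detected: HTTP traffic on port 443 -> 49911
Network traffic detected: HTTP traffic on port 50037 -> 443
Network traffic detected: HTTP traffic on port 443 -> 49875
Network traffic detected: HTTP traffic on port 49917 -> 443
Network traffic detected: HTTP traffic on port 49987 -> 443
Network traffic detected: HTTP traffic on port 443 -> 49987
HTTPS traffic detected: 188.119.66.185:443 -> 192.168.2.6:49875 version: TLS 1.2
"""

PORT_ROW = re.compile(r"HTTP traffic on port (\d+) -> (\d+)")
TLS_ROW = re.compile(
    r"HTTPS traffic detected: (\S+):(\d+) -> (\S+):(\d+) version: (TLS [\d.]+)"
)


def pair_sessions(rows: str, server_port: int = 443) -> dict:
    """Group rows by client (ephemeral) port and record which directions were seen.

    One row per direction means a client port that appears both as
    'X -> 443' and as '443 -> X' is a session with request and response;
    a port seen once is a one-sided or truncated capture.
    """
    seen: dict[int, set[str]] = {}
    for src, dst in PORT_ROW.findall(rows):
        src, dst = int(src), int(dst)
        if dst == server_port:
            seen.setdefault(src, set()).add("to_server")
        elif src == server_port:
            seen.setdefault(dst, set()).add("from_server")
    return seen


def summarize(rows: str, server_port: int = 443) -> dict:
    """Condense the row list: session count, completeness, and the server identity."""
    sessions = pair_sessions(rows, server_port)
    complete = sorted(p for p, d in sessions.items() if len(d) == 2)
    one_sided = sorted(p for p, d in sessions.items() if len(d) == 1)
    # Only the TLS row carries the peer address; the HTTP rows have ports only.
    servers = sorted({(m.group(1), m.group(5)) for m in TLS_ROW.finditer(rows)})
    return {
        "client_ports": len(sessions),
        "complete": complete,
        "one_sided": one_sided,
        "port_range": (min(sessions), max(sessions)) if sessions else None,
        "tls_servers": servers,
    }


if __name__ == "__main__":
    print(summarize(REPORT_ROWS))
```

Run against the full row list, the same code shows that every session in this section terminates on port 443 and that the report attributes only one of them to a server address, so the IP in the TLS row is the only network indicator the section actually yields.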
Source: is-9H04M.tmp.1.dr | Binary or memory string: DirectDrawCreateExmemstr_a4ff2e07-a
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0042F520 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00423B84 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004125D8 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004785E0 NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004573E0 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0042E934 CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004555E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Windows\System32\svchost.exe | File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_0040840C
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004804DB
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0047051C
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00467218
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004352C8
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0043DD50
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0043035C
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004444C8
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004345C4
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004866B4
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00444A70
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00430EE8
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0045EF38
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0045AFC4
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00445168
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00469278
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00445574
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00487614
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0048D9F0
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004519BC
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_00401051
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_00401C26
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_004070A7
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609660FA
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6092114F
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6091F2C9
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096923E
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6093323D
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6095C314
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60950312
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094D33B
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6093B368
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096748C
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6093F42E
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60954470
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609615FA
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096A5EE
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096D6A4
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609606A8
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60932654
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60955665
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094B7DB
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6092F74D
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60964807
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094E9BC
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60937929
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6093FAD6
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096DAE8
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094DA3A
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60936B27
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60954CF6
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60950C6B
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60966DF1
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60963D35
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60909E9C
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60951E86
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60912E0B
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60954FF8
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CED31F
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CE70B0
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CDE06F
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CF266D
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CE873A
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CEB5F9
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CEBAED
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CF2A70
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CEBF05
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CF0DA4
Source: Joe Sandbox View | Dropped File: C:\ProgramData\EarnPackage\sqlite3.dll 16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: String function: 02CE7750 appears 32 times
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: String function: 02CF2A00 appears 137 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 00408C0C appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 00406AC4 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 0040595C appears 117 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 00403400 appears 60 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 00445DD4 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 004344DC appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 004078F4 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 00457D6C appears 73 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 00403494 appears 82 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 00403684 appears 224 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 00457B60 appears 97 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 00453344 appears 94 times
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: String function: 004460A4 appears 59 times
Source: Ni2ghr9eUJ.exe | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: Ni2ghr9eUJ.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: Ni2ghr9eUJ.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: Ni2ghr9eUJ.tmp.0.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-RU19P.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-RU19P.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-RU19P.tmp.1.dr | Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: sqlite3.dll.5.dr | Static PE information: Number of sections : 19 > 10
Source: is-P26CL.tmp.1.dr | Static PE information: Number of sections : 19 > 10
Source: Ni2ghr9eUJ.exe, 00000000.00000003.2221763825.0000000002390000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs Ni2ghr9eUJ.exe
Source: Ni2ghr9eUJ.exe, 00000000.00000003.2221914011.0000000002168000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameshfolder.dll~/ vs Ni2ghr9eUJ.exe
Source: Ni2ghr9eUJ.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: videominimizer32.exe.1.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: EarnPackage.exe.5.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal92.troj.evad.winEXE@9/34@0/3
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CDF8C0 _memset,FormatMessageA,GetLastError,FormatMessageA,GetLastError
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004555E4 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00455E0C GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceA
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_004026EC CreateServiceA,CloseServiceHandle
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0046DF58 GetVersion,CoCreateInstance
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_00409BEC FindResourceA,SizeofResource,LoadResource,LockResource
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_00402812 lstrcmpiW,StartServiceCtrlDispatcherA
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_0040D6C1 StartServiceCtrlDispatcherA
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2872:120:WilError_03
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | File created: C:\Users\user\AppData\Local\Temp\is-320HS.tmp
Source: Yara match | File source: 5.0.videominimizer32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000000.2238211582.0000000000401000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match | File source: C:\ProgramData\EarnPackage\EarnPackage.exe, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-9HUFF.tmp, type: DROPPED
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: videominimizer32.exe, videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: videominimizer32.exe, videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: videominimizer32.exe, videominimizer32.exe, 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp, videominimizer32.exe, 00000005.00000003.2246193517.0000000000901000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.5.dr, is-P26CL.tmp.1.dr | Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: Ni2ghr9eUJ.exe | Virustotal: Detection: 29%
Source: Ni2ghr9eUJ.exe | ReversingLabs: Detection: 26%
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | File read: C:\Users\user\Desktop\Ni2ghr9eUJ.exe
Source: unknown | Process created: C:\Users\user\Desktop\Ni2ghr9eUJ.exe "C:\Users\user\Desktop\Ni2ghr9eUJ.exe"
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Process created: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp "C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp" /SL5="$1042C,3770460,54272,C:\Users\user\Desktop\Ni2ghr9eUJ.exe"
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\system32\schtasks.exe" /Delete /F /TN "video_minimizer_12125"
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process created: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe "C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe" -i
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Process created: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp "C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp" /SL5="$1042C,3770460,54272,C:\Users\user\Desktop\Ni2ghr9eUJ.exe"
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\system32\schtasks.exe" /Delete /F /TN "video_minimizer_12125"
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process created: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe "C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe" -i
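The process rows above show a recognisable chain: an Inno Setup stage-2 process (unpacked to %TEMP%\is-XXXXX.tmp\ and started with /SL5=) calls schtasks.exe to force-delete a named task, then launches an executable from a user-writable LOCALAPPDATA folder with an install switch. The following is an added example, not part of the Joe Sandbox report or of the sample, of detection logic for that chain over process-creation telemetry. The records are constructed in a Sysmon Event ID 1 shape with made-up pids; the first four mirror the command lines listed above, the others are benign Inno Setup installs added as controls. The field names, the install-switch list and the severity rules are this example's assumptions, not anything the report states.

```python
"""Flag the installer -> schtasks -> LOCALAPPDATA payload chain this report records."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed telemetry in a Sysmon Event ID 1 shape (pids are made up). The
# first four records mirror the process-creation rows above; the rest are
# benign Inno Setup installs added as negative and medium-severity controls.
EVENTS = [
    Proc(100, 1, r"C:\Users\user\Desktop\Ni2ghr9eUJ.exe",
         r'"C:\Users\user\Desktop\Ni2ghr9eUJ.exe"'),
    Proc(101, 100, r"C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp",
         r'"C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp" '
         r'/SL5="$1042C,3770460,54272,C:\Users\user\Desktop\Ni2ghr9eUJ.exe"'),
    Proc(102, 101, r"C:\Windows\SysWOW64\schtasks.exe",
         r'"C:\Windows\system32\schtasks.exe" /Delete /F /TN "video_minimizer_12125"'),
    Proc(103, 101, r"C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe",
         r'"C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe" -i'),
    # Benign control: Inno Setup installer that only launches its installed program.
    Proc(200, 1, r"C:\Users\user\Downloads\setup.exe", r'"C:\Users\user\Downloads\setup.exe"'),
    Proc(201, 200, r"C:\Users\user\AppData\Local\Temp\is-AAAAA.tmp\setup.tmp",
         r'"C:\Users\user\AppData\Local\Temp\is-AAAAA.tmp\setup.tmp" /SL5="$1,1,1,C:\Users\user\Downloads\setup.exe"'),
    Proc(202, 201, r"C:\Program Files\Tool\tool.exe", r'"C:\Program Files\Tool\tool.exe"'),
    # Medium control: installer removes a stale task but drops nothing in LOCALAPPDATA.
    Proc(300, 1, r"C:\Users\user\Downloads\upgrade.exe", r'"C:\Users\user\Downloads\upgrade.exe"'),
    Proc(301, 300, r"C:\Users\user\AppData\Local\Temp\is-BBBBB.tmp\upgrade.tmp",
         r'"C:\Users\user\AppData\Local\Temp\is-BBBBB.tmp\upgrade.tmp" /SL5="$2,2,2,C:\Users\user\Downloads\upgrade.exe"'),
    Proc(302, 301, r"C:\Windows\System32\schtasks.exe",
         r'"C:\Windows\system32\schtasks.exe" /Delete /F /TN "OldUpdater"'),
]

INNO_STAGE2 = re.compile(r"\\Temp\\is-[^\\]+\.tmp\\[^\\]+\.tmp$", re.I)
TASK_VERB = re.compile(r"/(Create|Delete|Change)\b", re.I)
TASK_NAME = re.compile(r'/TN\s+(?:"([^"]+)"|(\S+))', re.I)
# Assumed list of install switches worth flagging; "-i" is the one seen in the report.
INSTALL_FLAGS = {"-i", "/i", "-install", "/install", "--install"}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_inno_stage2(p: Proc) -> bool:
    """Inno Setup unpacks itself to %TEMP%\\is-XXXXX.tmp\\<name>.tmp and passes /SL5=."""
    return bool(INNO_STAGE2.search(p.image)) and "/SL5=" in p.cmdline.upper()


def schtasks_task(p: Proc):
    """Return the task name if this is schtasks.exe creating, deleting or changing a task."""
    if basename(p.image) != "schtasks.exe" or not TASK_VERB.search(p.cmdline):
        return None
    m = TASK_NAME.search(p.cmdline)
    return (m.group(1) or m.group(2)) if m else "<unnamed>"


def is_localappdata_install(p: Proc) -> bool:
    """Payload started from a user-writable, non-temp LOCALAPPDATA path with an install switch."""
    low = p.image.lower()
    in_localappdata = "\\appdata\\local\\" in low and "\\appdata\\local\\temp\\" not in low
    tokens = p.cmdline.split()
    last_arg = tokens[-1].lower() if tokens else ""
    return in_localappdata and last_arg in INSTALL_FLAGS


def find_chains(events):
    """Return one finding per Inno Setup stage-2 process whose children match the chain."""
    children = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)
    findings = []
    for inst in events:
        if not is_inno_stage2(inst):
            continue
        kids = children.get(inst.pid, [])
        tasks = [t for t in (schtasks_task(k) for k in kids) if t]
        payloads = [k.image for k in kids if is_localappdata_install(k)]
        if tasks and payloads:
            severity = "high"      # task tampering plus a self-installing LOCALAPPDATA binary
        elif tasks:
            severity = "medium"    # task tampering alone is common in legitimate upgrades
        else:
            continue
        findings.append({"installer": inst.image, "tasks": tasks,
                         "payloads": payloads, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in find_chains(EVENTS):
        print(f["severity"], f["installer"], f["tasks"], f["payloads"])
```

The chain is keyed on the stage-2 process rather than on schtasks.exe alone because installers legitimately delete stale tasks; the combination with a payload that installs itself from LOCALAPPDATA is what separates the report's chain from an ordinary upgrade. A real deployment would also record the task name (here "video_minimizer_12125") for a follow-up query against the Task Scheduler event log, since the report only shows the deletion, not whatever created the task.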
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: sqlite3.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Section loaded: schannel.dll
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpWindow found: window name: TMainFormJump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Minimizer_is1Jump to behavior
                  Source: Ni2ghr9eUJ.exeStatic file information: File size 4019237 > 1048576
                  Source: Binary string: msvcp71.pdbx# source: is-I0AOJ.tmp.1.dr
                  Source: Binary string: msvcr71.pdb< source: is-2K79T.tmp.1.dr
                  Source: Binary string: msvcp71.pdb source: is-I0AOJ.tmp.1.dr
                  Source: Binary string: MicrosoftWindowsGdiPlus-1.0.2600.1360-gdiplus.pdb source: is-9H04M.tmp.1.dr
                  Source: Binary string: msvcr71.pdb source: is-2K79T.tmp.1.dr

                  Data Obfuscation

                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Unpacked PE file: 5.2.videominimizer32.exe.400000.0.unpack .text:ER;_abtt_1:R;_actt_1:W;.rsrc:R;_adtt_1:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Unpacked PE file: 5.2.videominimizer32.exe.400000.0.unpack
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004502C0 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_004502C0
                  Source: videominimizer32.exe.1.dr | Static PE information: section name: _abtt_1
                  Source: videominimizer32.exe.1.dr | Static PE information: section name: _actt_1
                  Source: videominimizer32.exe.1.dr | Static PE information: section name: _adtt_1
                  Source: is-P26CL.tmp.1.dr | Static PE information: section name: /4
                  Source: is-P26CL.tmp.1.dr | Static PE information: section name: /19
                  Source: is-P26CL.tmp.1.dr | Static PE information: section name: /35
                  Source: is-P26CL.tmp.1.dr | Static PE information: section name: /51
                  Source: is-P26CL.tmp.1.dr | Static PE information: section name: /63
                  Source: is-P26CL.tmp.1.dr | Static PE information: section name: /77
                  Source: is-P26CL.tmp.1.dr | Static PE information: section name: /89
                  Source: is-P26CL.tmp.1.dr | Static PE information: section name: /102
                  Source: is-P26CL.tmp.1.dr | Static PE information: section name: /113
                  Source: is-P26CL.tmp.1.dr | Static PE information: section name: /124
                  Source: is-9H04M.tmp.1.dr | Static PE information: section name: Shared
                  Source: EarnPackage.exe.5.dr | Static PE information: section name: _abtt_1
                  Source: EarnPackage.exe.5.dr | Static PE information: section name: _actt_1
                  Source: EarnPackage.exe.5.dr | Static PE information: section name: _adtt_1
                  Source: sqlite3.dll.5.dr | Static PE information: section name: /4
                  Source: sqlite3.dll.5.dr | Static PE information: section name: /19
                  Source: sqlite3.dll.5.dr | Static PE information: section name: /35
                  Source: sqlite3.dll.5.dr | Static PE information: section name: /51
                  Source: sqlite3.dll.5.dr | Static PE information: section name: /63
                  Source: sqlite3.dll.5.dr | Static PE information: section name: /77
                  Source: sqlite3.dll.5.dr | Static PE information: section name: /89
                  Source: sqlite3.dll.5.dr | Static PE information: section name: /102
                  Source: sqlite3.dll.5.dr | Static PE information: section name: /113
                  Source: sqlite3.dll.5.dr | Static PE information: section name: /124
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_004065C8 push 00406605h; ret 0_2_004065FD
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_00408104 push ecx; mov dword ptr [esp], eax 0_2_00408109
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_0040C218 push eax; ret 0_2_0040C219
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_00408F38 push 00408F6Bh; ret 0_2_00408F63
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0040994C push 00409989h; ret 1_2_00409981
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00483A6C push 00483B7Ah; ret 1_2_00483B72
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004062B4 push ecx; mov dword ptr [esp], eax 1_2_004062B5
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004104E0 push ecx; mov dword ptr [esp], edx 1_2_004104E5
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0049481C push ecx; mov dword ptr [esp], ecx 1_2_00494821
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00412928 push 0041298Bh; ret 1_2_00412983
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0040CE38 push ecx; mov dword ptr [esp], edx 1_2_0040CE3A
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0048515C push ecx; mov dword ptr [esp], ecx 1_2_00485161
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00459120 push 00459164h; ret 1_2_0045915C
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0040F398 push ecx; mov dword ptr [esp], edx 1_2_0040F39A
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00443440 push ecx; mov dword ptr [esp], ecx 1_2_00443444
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0040546D push eax; ret 1_2_004054A9
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0040553D push 00405749h; ret 1_2_00405741
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004055BE push 00405749h; ret 1_2_00405741
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00477628 push ecx; mov dword ptr [esp], edx 1_2_00477629
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0040563B push 00405749h; ret 1_2_00405741
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004056A0 push 00405749h; ret 1_2_00405741
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004517F8 push 0045182Bh; ret 1_2_00451823
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004519BC push ecx; mov dword ptr [esp], eax 1_2_004519C1
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0045FB90 push ecx; mov dword ptr [esp], ecx 1_2_0045FB94
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00419C28 push ecx; mov dword ptr [esp], ecx 1_2_00419C2D
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00499D1C pushad ; retf 1_2_00499D2B
                  Source: videominimizer32.exe.1.dr | Static PE information: section name: .text entropy: 7.751631091566533
                  Source: EarnPackage.exe.5.dr | Static PE information: section name: .text entropy: 7.751631091566533

                  Persistence and Installation Behavior

                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 5_2_00401A4F
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 5_2_02CDE898
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Temp\is-ET0SS.tmp\_isetup\_shfoldr.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-1BMVT.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Temp\is-ET0SS.tmp\_isetup\_setup64.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-74MI9.tmp
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | File created: C:\ProgramData\EarnPackage\sqlite3.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\unins000.exe (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\LTDIS13n.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-9H04M.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\ltkrn13n.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\gdiplus.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Temp\is-ET0SS.tmp\_isetup\_iscrypt.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-2K79T.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-8KV19.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-I0AOJ.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\is-RU19P.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcp71.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\sqlite3.dll (copy)
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | File created: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcr71.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | File created: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-P26CL.tmp
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | File created: C:\ProgramData\EarnPackage\EarnPackage.exe
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | File created: C:\ProgramData\EarnPackage\sqlite3.dll
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | File created: C:\ProgramData\EarnPackage\EarnPackage.exe

                  Boot Survival

                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 5_2_00401A4F
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive0 5_2_02CDE898
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\system32\schtasks.exe" /Delete /F /TN "video_minimizer_12125"
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_00402812 lstrcmpiW,StartServiceCtrlDispatcherA, 5_2_00402812
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00423C0C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 1_2_00423C0C
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00423C0C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 1_2_00423C0C
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004241DC IsIconic,SetActiveWindow,SetFocus, 1_2_004241DC
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00424194 IsIconic,SetActiveWindow, 1_2_00424194
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00418384 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 1_2_00418384
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0042285C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 1_2_0042285C
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00483420 IsIconic,GetWindowLongA,ShowWindow,ShowWindow, 1_2_00483420
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00417598 IsIconic,GetCapture, 1_2_00417598
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00417CCE IsIconic,SetWindowPos, 1_2_00417CCE
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00417CD0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 1_2_00417CD0
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0041F118 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary, 1_2_0041F118
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 5_2_00401B4B
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary, 5_2_02CDE99C
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Window / User API: threadDelayed 3878
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Window / User API: threadDelayed 6040
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ET0SS.tmp\_isetup\_shfoldr.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-1BMVT.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ET0SS.tmp\_isetup\_setup64.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-74MI9.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\unins000.exe (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\LTDIS13n.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-9H04M.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\ltkrn13n.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\gdiplus.dll (copy)
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-2K79T.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ET0SS.tmp\_isetup\_iscrypt.dll
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-I0AOJ.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-8KV19.tmp
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\is-RU19P.tmpJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcp71.dll (copy)Jump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcr71.dll (copy)Jump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-P26CL.tmpJump to dropped file
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_0-5542
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeAPI coverage: 5.1 %
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe TID: 2100Thread sleep count: 3878 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe TID: 2100Thread sleep time: -7756000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe TID: 8124Thread sleep time: -1260000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe TID: 2100Thread sleep count: 6040 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe TID: 2100Thread sleep time: -12080000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 7840Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeFile opened: PhysicalDrive0Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpCode function: 1_2_00452A60 FindFirstFileA,GetLastError,1_2_00452A60
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpCode function: 1_2_00474DFC FindFirstFileA,FindNextFileA,FindClose,1_2_00474DFC
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpCode function: 1_2_004625C4 FindFirstFileA,FindNextFileA,FindClose,1_2_004625C4
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpCode function: 1_2_00463B50 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00463B50
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpCode function: 1_2_00497C14 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,1_2_00497C14
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpCode function: 1_2_00463FCC SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,1_2_00463FCC
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exeCode function: 0_2_00409B30 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,0_2_00409B30
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeThread delayed: delay time: 60000Jump to behavior
                  Source: videominimizer32.exe, 00000005.00000002.3477089915.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3477089915.00000000008E8000.00000004.00000020.00020000.00000000.sdmp, videominimizer32.exe, 00000005.00000002.3481471706.0000000003354000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.3479626390.000002069EC2F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.3479690724.000002069EC3F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.3482314949.00000206A005E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exeAPI call chain: ExitProcess graph end nodegraph_0-6674
                  Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exeAPI call chain: ExitProcess graph end nodegraph_5-61896
                  Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmpProcess information queried: ProcessInformationJump to behavior

                  Anti Debugging

Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep graph_5-61957
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CE80F0 IsDebuggerPresent,5_2_02CE80F0
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CEE6AE RtlEncodePointer,RtlEncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,GetProcAddress,RtlEncodePointer,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,RtlDecodePointer,5_2_02CEE6AE
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_004502C0 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004502C0
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CD5E4F RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,GetTickCount,GetVersionExA,_memset,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,_memset,_memset,_memset,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,_memset,_memset,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,5_2_02CD5E4F
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CE80DA SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_02CE80DA
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00478024 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,1_2_00478024
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0042E09C AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,1_2_0042E09C
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_02CDE850 cpuid 5_2_02CDE850
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: GetLocaleInfoA,0_2_0040520C
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: GetLocaleInfoA,0_2_00405258
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: GetLocaleInfoA,1_2_00408568
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: GetLocaleInfoA,1_2_004085B4
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_00458418 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,1_2_00458418
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_004026C4 GetSystemTime,0_2_004026C4
Source: C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | Code function: 1_2_0045559C GetUserNameA,1_2_0045559C
Source: C:\Users\user\Desktop\Ni2ghr9eUJ.exe | Code function: 0_2_00405CF4 GetVersionExA,0_2_00405CF4

                  Stealing of Sensitive Information

Source: Yara match | File source: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3479884889.00000000027B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: videominimizer32.exe PID: 6448, type: MEMORYSTR

                  Remote Access Functionality

Source: Yara match | File source: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3479884889.00000000027B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: videominimizer32.exe PID: 6448, type: MEMORYSTR
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609660FA sqlite3_finalize,sqlite3_free,sqlite3_value_numeric_type,sqlite3_value_numeric_type,sqlite3_value_text,sqlite3_value_int,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_mprintf,sqlite3_malloc,sqlite3_free,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,5_2_609660FA
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6090C1D6 sqlite3_clear_bindings,sqlite3_mutex_enter,sqlite3_mutex_leave,5_2_6090C1D6
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60963143 sqlite3_stricmp,sqlite3_bind_int64,sqlite3_mutex_leave,5_2_60963143
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096A2BD sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,5_2_6096A2BD
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096923E sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_malloc,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_realloc,sqlite3_realloc,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,5_2_6096923E
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096A38C sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,5_2_6096A38C
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096748C sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_reset,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_bind_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_reset,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_realloc,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,5_2_6096748C
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609254B1 sqlite3_bind_zeroblob,sqlite3_mutex_leave,5_2_609254B1
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094B407 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,5_2_6094B407
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6090F435 sqlite3_bind_parameter_index,5_2_6090F435
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609255D4 sqlite3_mutex_leave,sqlite3_bind_text16,5_2_609255D4
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609255FF sqlite3_bind_text,5_2_609255FF
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096A5EE sqlite3_value_text,sqlite3_value_bytes,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_malloc,sqlite3_column_int,sqlite3_column_int64,sqlite3_column_text,sqlite3_column_bytes,sqlite3_finalize,sqlite3_step,sqlite3_free,sqlite3_finalize,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_column_int64,sqlite3_column_int,sqlite3_column_text,sqlite3_column_bytes,sqlite3_step,sqlite3_finalize,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_malloc,sqlite3_bind_null,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_value_text,sqlite3_value_bytes,sqlite3_free,5_2_6096A5EE
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094B54C sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,memmove,5_2_6094B54C
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60925686 sqlite3_bind_int64,sqlite3_mutex_leave,5_2_60925686
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094A6C5 sqlite3_bind_int64,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_malloc,sqlite3_reset,sqlite3_free,5_2_6094A6C5
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609256E5 sqlite3_bind_int,sqlite3_bind_int64,5_2_609256E5
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094B6ED sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,5_2_6094B6ED
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6092562A sqlite3_bind_blob,5_2_6092562A
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60925655 sqlite3_bind_null,sqlite3_mutex_leave,5_2_60925655
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094C64A sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,5_2_6094C64A
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_609687A7 sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_column_int64,sqlite3_reset,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,5_2_609687A7
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6095F7F7 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,5_2_6095F7F7
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6092570B sqlite3_bind_double,sqlite3_mutex_leave,5_2_6092570B
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6095F772 sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,5_2_6095F772
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60925778 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_blob,5_2_60925778
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6090577D sqlite3_bind_parameter_name,5_2_6090577D
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094B764 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,5_2_6094B764
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6090576B sqlite3_bind_parameter_count,5_2_6090576B
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094A894 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,5_2_6094A894
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6095F883 sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,5_2_6095F883
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094C8C2 sqlite3_value_int,sqlite3_value_int,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_null,sqlite3_bind_null,sqlite3_step,sqlite3_reset,5_2_6094C8C2
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096281E sqlite3_mprintf,sqlite3_vtab_config,sqlite3_malloc,sqlite3_mprintf,sqlite3_mprintf,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_exec,sqlite3_free,sqlite3_prepare_v2,sqlite3_bind_text,sqlite3_step,sqlite3_column_int64,sqlite3_finalize,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_errmsg,sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_free,sqlite3_declare_vtab,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,5_2_6096281E
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6096583A memcmp,sqlite3_realloc,qsort,sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_step,sqlite3_reset,5_2_6096583A
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6095F9AD sqlite3_bind_int,sqlite3_step,sqlite3_column_type,sqlite3_reset,5_2_6095F9AD
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6094A92B sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,5_2_6094A92B
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6090EAE5 sqlite3_transfer_bindings,5_2_6090EAE5
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6095FB98 sqlite3_value_int,sqlite3_bind_int,sqlite3_bind_value,sqlite3_step,sqlite3_reset,5_2_6095FB98
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6095ECA6 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,5_2_6095ECA6
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6095FCCE sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,5_2_6095FCCE
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6095FDAE sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,5_2_6095FDAE
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60966DF1 sqlite3_value_text,sqlite3_mprintf,sqlite3_free,strcmp,sqlite3_free,sqlite3_malloc,sqlite3_bind_int64,sqlite3_step,sqlite3_column_type,sqlite3_reset,sqlite3_column_blob,sqlite3_reset,sqlite3_malloc,sqlite3_free,sqlite3_reset,sqlite3_result_error_code,sqlite3_result_blob,5_2_60966DF1
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_60969D75 sqlite3_bind_int,sqlite3_step,sqlite3_column_int,sqlite3_reset,5_2_60969D75
Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | Code function: 5_2_6095FFB2 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,5_2_6095FFB2
MITRE ATT&CK Matrix (one line per tactic; the number in parentheses is the count of matched signatures for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
Execution: Native API (2); Scheduled Task/Job (1); Service Execution (2); Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
Persistence: DLL Side-Loading (1); Windows Service (5); Scheduled Task/Job (1); Bootkit (1); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Access Token Manipulation (1); Windows Service (5); Process Injection (2); Scheduled Task/Job (1); Startup Items; Scheduled Task/Job; At; Cron
Defense Evasion: Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (3); Software Packing (22); DLL Side-Loading (1); Masquerading (11); Virtualization/Sandbox Evasion (121); Access Token Manipulation (1); Process Injection (2); Bootkit (1); Dynamic API Resolution
Credential Access: Input Capture (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
Discovery: System Time Discovery (1); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (45); Security Software Discovery (141); Process Discovery (1); Virtualization/Sandbox Evasion (121); Application Window Discovery (11); System Owner/User Discovery (3); System Network Configuration Discovery (1)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
Collection: Archive Collected Data (1); Input Capture (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
Command and Control: Ingress Tool Transfer (2); Encrypted Channel (21); Non-Standard Port (1); Non-Application Layer Protocol (1); Application Layer Protocol (12); Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
Behavior graph legend (the graph image itself is not included in this text): Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet

                  SourceDetectionScannerLabelLink
                  Ni2ghr9eUJ.exe30%VirustotalBrowse
                  Ni2ghr9eUJ.exe26%ReversingLabsWin32.Trojan.Munp
Source | Detection | Scanner
C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe | 100% | Joe Sandbox ML
C:\ProgramData\EarnPackage\EarnPackage.exe | 100% | Joe Sandbox ML
C:\ProgramData\EarnPackage\sqlite3.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp | 3% | ReversingLabs
C:\Users\user\AppData\Local\Temp\is-ET0SS.tmp\_isetup\_iscrypt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\is-ET0SS.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\is-ET0SS.tmp\_isetup\_shfoldr.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\LTDIS13n.dll (copy) | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\gdiplus.dll (copy) | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\is-1BMVT.tmp | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\is-2K79T.tmp | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\is-74MI9.tmp | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\is-8KV19.tmp | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\is-9H04M.tmp | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\is-I0AOJ.tmp | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\is-P26CL.tmp | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\ltkrn13n.dll (copy) | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcp71.dll (copy) | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\msvcr71.dll (copy) | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\sqlite3.dll (copy) | 0% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\is-RU19P.tmp | 3% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\uninstall\unins000.exe (copy) | 3% | ReversingLabs
C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.dll (copy) | 0% | ReversingLabs
                  No Antivirus matches
                  No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
ax-0001.ax-msedge.net | 150.171.27.10 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://188.119.66.185/ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d | false | Avira URL Cloud: safe | unknown
https://188.119.66.185/ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b82a8dcd6c946851e30088883250aa15dd05633775b0e650f2ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda33231dd0348c | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
31.214.157.206 | unknown | Germany | 58329 | RACKPLACEDE | false
188.119.66.185 | unknown | Russian Federation | 209499 | FLYNETRU | false

Private IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1574298
Start date and time: 2024-12-13 08:16:56 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Ni2ghr9eUJ.exe
renamed because original name is a hash value
Original Sample Name: c7df4c7117c0ea3fc75667d1b09db5e8.exe
Detection: MAL
Classification: mal92.troj.evad.winEXE@9/34@0/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 200
• Number of non-executed functions: 263
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
• Excluded IPs from analysis (whitelisted): 23.218.208.109, 20.231.128.67, 13.107.246.63, 20.223.35.26, 2.16.158.90, 20.12.23.50, 20.234.120.54, 150.171.27.10, 4.175.87.197
• Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.afd.azureedge.net, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, login.live.com, e16604.g.akamaiedge.net, azureedge-t-prod.trafficmanager.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net
• Not all processes were analyzed; the report is missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
02:18:15 | API Interceptor | 2x Sleep call for process: svchost.exe modified
02:18:33 | API Interceptor | 413535x Sleep call for process: videominimizer32.exe modified
                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              31.214.157.2062mtt3zE6Vh.exeGet hashmaliciousSocks5SystemzBrowse
                                                7i6bUvYZ4L.exeGet hashmaliciousSocks5SystemzBrowse
                                                  file.exeGet hashmaliciousSocks5SystemzBrowse
                                                    imMQqf6YWk.exeGet hashmaliciousSocks5SystemzBrowse
                                                      imMQqf6YWk.exeGet hashmaliciousSocks5SystemzBrowse
                                                        file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                          file.exeGet hashmaliciousSocks5SystemzBrowse
                                                            file.exeGet hashmaliciousSocks5SystemzBrowse
                                                              file.exeGet hashmaliciousSocks5SystemzBrowse
                                                                file.exeGet hashmaliciousSocks5SystemzBrowse
                                                                  188.119.66.1852mtt3zE6Vh.exeGet hashmaliciousSocks5SystemzBrowse
                                                                    2mtt3zE6Vh.exeGet hashmaliciousSocks5SystemzBrowse
                                                                      7i6bUvYZ4L.exeGet hashmaliciousSocks5SystemzBrowse
                                                                        file.exeGet hashmaliciousSocks5SystemzBrowse
                                                                          imMQqf6YWk.exeGet hashmaliciousSocks5SystemzBrowse
                                                                            imMQqf6YWk.exeGet hashmaliciousSocks5SystemzBrowse
                                                                              file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                file.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                  file.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                    file.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      ax-0001.ax-msedge.netfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                      • 150.171.28.10
                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                      • 150.171.27.10
                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                      • 150.171.27.10
                                                                                      QyzM5yhuwd.exeGet hashmaliciousMedusaLockerBrowse
                                                                                      • 150.171.27.10
                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                      • 150.171.28.10
                                                                                      6C2Oryo96G.exeGet hashmaliciousUnknownBrowse
                                                                                      • 150.171.27.10
                                                                                      win.exeGet hashmaliciousLynxBrowse
                                                                                      • 150.171.28.10
                                                                                      RunScriptProtected.lnk.d.lnkGet hashmaliciousUnknownBrowse
                                                                                      • 150.171.27.10
                                                                                      dkarts.dll.dllGet hashmaliciousUnknownBrowse
                                                                                      • 150.171.27.10
                                                                                      1_Garmin_Campaign Information for Partners(12-10).docx.lnk.download.lnkGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                      • 150.171.27.10
                                                                                      s-part-0035.t-0009.t-msedge.netwV1Mk5PUmi.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      • 13.107.246.63
                                                                                      Rbeu9JMfnq.exeGet hashmaliciousLummaCBrowse
                                                                                      • 13.107.246.63
                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                      • 13.107.246.63
                                                                                      k2XnMjR4j0.exeGet hashmaliciousUnknownBrowse
                                                                                      • 13.107.246.63
                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                      • 13.107.246.63
                                                                                      MN2MXYYRQG.exeGet hashmaliciousUnknownBrowse
                                                                                      • 13.107.246.63
                                                                                      D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                                      • 13.107.246.63
                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                      • 13.107.246.63
                                                                                      file.exeGet hashmaliciousStealcBrowse
                                                                                      • 13.107.246.63
                                                                                      CMR ART009.docxGet hashmaliciousUnknownBrowse
                                                                                      • 13.107.246.63
                                                                                      bg.microsoft.map.fastly.netMN2MXYYRQG.exeGet hashmaliciousUnknownBrowse
                                                                                      • 199.232.214.172
                                                                                      17340714718cf6b83384353df011a29118a75d6346d0b8e5440173084d59c98ad6e15aaf57685.dat-decoded.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                      • 199.232.214.172
                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                      • 199.232.214.172
                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                      • 199.232.210.172
                                                                                      file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                      • 199.232.210.172
                                                                                      RFQ3978 39793980.pdf.exeGet hashmaliciousFormBookBrowse
                                                                                      • 199.232.210.172
                                                                                      Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousMassLogger RATBrowse
                                                                                      • 199.232.210.172
                                                                                      qWMEdD3xsu.dllGet hashmaliciousStrela StealerBrowse
                                                                                      • 199.232.210.172
                                                                                      IDqDMIZDPk.dllGet hashmaliciousUnknownBrowse
                                                                                      • 199.232.210.172
                                                                                      c2.htaGet hashmaliciousXWormBrowse
                                                                                      • 199.232.210.172
Match: RACKPLACEDE
Associated Sample Name / URL | Detection | Threat Name | Context
2mtt3zE6Vh.exe | malicious | Socks5Systemz | 31.214.157.206
7i6bUvYZ4L.exe | malicious | Socks5Systemz | 31.214.157.206
file.exe | malicious | Socks5Systemz | 31.214.157.206
imMQqf6YWk.exe | malicious | Socks5Systemz | 31.214.157.206
imMQqf6YWk.exe | malicious | Socks5Systemz | 31.214.157.206
file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 31.214.157.206
file.exe | malicious | Socks5Systemz | 31.214.157.206
file.exe | malicious | Socks5Systemz | 31.214.157.206
file.exe | malicious | Socks5Systemz | 31.214.157.206
file.exe | malicious | Socks5Systemz | 31.214.157.206
Match: FLYNETRU
Associated Sample Name / URL | Detection | Threat Name | Context
2mtt3zE6Vh.exe | malicious | Socks5Systemz | 188.119.66.185
2mtt3zE6Vh.exe | malicious | Socks5Systemz | 188.119.66.185
7i6bUvYZ4L.exe | malicious | Socks5Systemz | 188.119.66.185
file.exe | malicious | Socks5Systemz | 188.119.66.185
imMQqf6YWk.exe | malicious | Socks5Systemz | 188.119.66.185
imMQqf6YWk.exe | malicious | Socks5Systemz | 188.119.66.185
file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 188.119.66.185
file.exe | malicious | Socks5Systemz | 188.119.66.185
https://drive.google.com/file/d/1yoYdaJg2olHzjqEKXjn6nnXKPPak7HoL/view?usp=sharing_eil&ts=675747b9 | malicious | Unknown | 188.119.66.154
file.exe | malicious | Socks5Systemz | 188.119.66.185
Match: 51c64c77e60f3980eea90869b68c58a8
Associated Sample Name / URL | Detection | Threat Name | Context
2mtt3zE6Vh.exe | malicious | Socks5Systemz | 188.119.66.185
2mtt3zE6Vh.exe | malicious | Socks5Systemz | 188.119.66.185
7i6bUvYZ4L.exe | malicious | Socks5Systemz | 188.119.66.185
file.exe | malicious | Socks5Systemz | 188.119.66.185
imMQqf6YWk.exe | malicious | Socks5Systemz | 188.119.66.185
imMQqf6YWk.exe | malicious | Socks5Systemz | 188.119.66.185
17Xmvtq2Tq.exe | malicious | Vidar | 188.119.66.185
file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 188.119.66.185
file.exe | malicious | Socks5Systemz | 188.119.66.185
file.exe | malicious | Socks5Systemz | 188.119.66.185
Match: C:\ProgramData\EarnPackage\sqlite3.dll
Associated Sample Name / URL | Detection | Threat Name
2mtt3zE6Vh.exe | malicious | Socks5Systemz
2mtt3zE6Vh.exe | malicious | Socks5Systemz
7i6bUvYZ4L.exe | malicious | Socks5Systemz
file.exe | malicious | Socks5Systemz
imMQqf6YWk.exe | malicious | Socks5Systemz
imMQqf6YWk.exe | malicious | Socks5Systemz
file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
file.exe | malicious | Socks5Systemz
file.exe | malicious | Socks5Systemz
file.exe | malicious | Socks5Systemz

Process: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 3191062
Entropy (8bit): 6.448717575265652
Encrypted: false
SSDEEP: 49152:mfODTVo396X9driyYw3nDZwE2nnhq+facnw+W:WODJoW9Biy13nDZknnhPfacw+W
MD5: 624F0DE58BEEA53641A6304AE005CB48
SHA1: AEE9BF070824DAB00026A442FD91FF0B2E97A54D
SHA-256: DBA536ED37D38DF9687579923EBC89D8A84A34E7B2976FCBDBB745F1165A135F
SHA-512: E46961298F80A822C486CAEC55C4977FA65F781868021C85F406F5AF31C14FFD85991F46157B9767A880647B2663D6B4607E8036C534316498C6ED40F5079F30
Malicious: true
Yara Hits:
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\EarnPackage\EarnPackage.exe, Author: Joe Security
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation: low

Process: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 645592
Entropy (8bit): 6.50414583238337
Encrypted: false
SSDEEP: 12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
MD5: E477A96C8F2B18D6B5C27BDE49C990BF
SHA1: E980C9BF41330D1E5BD04556DB4646A0210F7409
SHA-256: 16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
SHA-512: 335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: 2mtt3zE6Vh.exe, Detection: malicious
• Filename: 2mtt3zE6Vh.exe, Detection: malicious
• Filename: 7i6bUvYZ4L.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: imMQqf6YWk.exe, Detection: malicious
• Filename: imMQqf6YWk.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
Reputation: high, very likely benign file

Process: C:\Windows\System32\svchost.exe
File Type: data
Category: dropped
Size (bytes): 1310720
Entropy (8bit): 0.7263259204832931
Encrypted: false
SSDEEP: 1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0D:9JZj5MiKNnNhoxuW
MD5: 037FFA51249D7BD58A1122C7405882F8
SHA1: 54C9599E0EAE4712A94182CACDEDAD1880F0A0EC
SHA-256: 03F4DC701843A520EA93197E52B00371F7256C8FDD108911BC666DB8AD182DDE
SHA-512: 4531FBEF8CB1841B6BBBCCAD78E03370007DA9556B06E2E3D3FBB65F19A3F62701977761BD6B18BE09CC93D933F87ECEFE86CD3B89CEA28827F42CFE8409BC5E
Malicious: false
Reputation: low

Process: C:\Windows\System32\svchost.exe
File Type: Extensible storage user DataBase, version 0x620, checksum 0xb7dce0c4, page size 16384, DirtyShutdown, Windows version 10.0
Category: dropped
Size (bytes): 1310720
Entropy (8bit): 0.7555714063937293
Encrypted: false
SSDEEP: 1536:lSB2ESB2SSjlK/svFH03N9Jdt8lYkr3g16xj2UPkLk+kLWyrufTRryrUYc//kbxW:lazaSvGJzYj2UlmOlOL
MD5: 962E2EF763B67149EACAA9B09CE99D18
SHA1: B9F9741609501E5CDC78A31E902D9B800D8B8D62
SHA-256: 5B55B6ED1CFE4F76742A36624B662E9A0839FC46BACCBECC9FC0EBDCABB09BBF
SHA-512: DEECEBB665C1DCEDC0A6BF60B3C0FD91AE1AFC46D2B0C0FB4C89F49091BCD70600707E61FEFAA9D15341178B0C765A3670EBEC5FD381BCF7356807453B569A77
Malicious: false

Process: C:\Windows\System32\svchost.exe
File Type: data
Category: dropped
Size (bytes): 16384
Entropy (8bit): 0.07781871229218082
Encrypted: false
SSDEEP: 3:3vXKYeCN4lNaAPaU1lhypZGylluxmO+l/SNxOf:/XKzosNDPaUpy3/gmOH
MD5: 3AF60504C6D740215F86AB7E020C3DAA
SHA1: B280DADF326E17392780BB8EF62788A903D052AB
SHA-256: 328937D8E4738996B38EE97A715170136160F592F57BB921D221D37BA9BA797A
SHA-512: C693125C9A508695E870CFCA97D520B26DAE0AE7A9F107C74C9013691ABEED4C4CA2993C34F1FF2955D16A57FE1D8D848C8DB81765D797CD3CF1A10C8A67AD08
Malicious: false

Process: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
File Type: ISO-8859 text, with no line terminators
Category: dropped
Size (bytes): 8
Entropy (8bit): 2.0
Encrypted: false
SSDEEP: 3:M+Ctln:MNn
MD5: 111F7C33AD5EDB6E3F23C7DFCEB07CE4
SHA1: 910BC79ED07BB542A994962F2204C0FA424DE0C4
SHA-256: 41E1C3F1402AC41D8AC6200F4E89CC51B89F46FABE968381E8A104CF3701A8D4
SHA-512: 5B99840F3450D9A44C46EE83D62F1F7984E30015C2EBD8061947813CBB3E0EC042D25CE61AECD51B085925CDC7809585EDEF67561C8EF88C9B1DE33393D5D005
Malicious: false
Preview: ..[g....

Process: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
File Type: data
Category: dropped
Size (bytes): 4
Entropy (8bit): 0.8112781244591328
Encrypted: false
SSDEEP: 3:U:U
MD5: 2B197A84C60EC779B10736BB6475B5E9
SHA1: C66F455EC1C14E38154F75BAF37ADD2E728EE0C1
SHA-256: 0623CCB9B1619BD388284A438034D8CB6431964BA727D8B1C450303105735488
SHA-512: 702414B61E87C6FFBB92A6B3B2E240639B6878560C62051FE641135A9352ED14A64CA844A641F5E330798E074DEEE8C52E0E721F16CCB37C000B3411CABD2060
Malicious: false
Preview: ....

Process: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 128
Entropy (8bit): 2.9012093522336393
Encrypted: false
SSDEEP: 3:ObXXXd0AbDBdUBWetxt:Or9Lb3UFx
MD5: 679DD163372163CD8FFC24E3C9E758B3
SHA1: F307C14CA65810C8D0238B89B49B2ACD7C5B233B
SHA-256: 510EA89D00FA427C33BD67AEEA60D21066976F085959C2AFE1F69411A8CA722D
SHA-512: 46C464F15BCE39E28DCD48AF36C424845631D2B48D7E37D7FBBBEE0BC4DF32445A2810E397BF29FCA76C0364B1AA30CC05DCF4D9E799C6C697B49A174560969C
Malicious: false
Preview: 12b48997735ce8b4537cf99be74bb62f518d3799011c89eb7c719048e83fac56................................................................

Process: C:\Users\user\Desktop\Ni2ghr9eUJ.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 705536
Entropy (8bit): 6.505787173623696
Encrypted: false
SSDEEP: 12288:kTPcYn5c/rPx37/zHBA6a5Ueyp2CrIEROlnrNORu4VwRxyF:4PcYn5c/rPx37/zHBA6pDp2mIEi4CRx+
MD5: B4D4F779EA9E1F6AC0828B0B21EE319A
SHA1: 7862EA3B0C9EAE8E4E24125D63E5A8DDBC0BF588
SHA-256: 422CF23BE87C93223D11DAA8E74C3C8C5AF80C70CD8EFF1F501DA70E612014A6
SHA-512: EC52C6F8B83C5088BE39988F067D93C6A183A95C98B5BBE4119625F7925C3F274F969271722C3171300CF4943D076B0DDD1A6D5ED38EDE849A3976BADC99D065
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
                                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................z........................@..............................................@...............................%..................................................................................................................CODE....\y.......z.................. ..`DATA.................~..............@...BSS......................................idata...%.......&..................@....tls.....................................rdata..............................@..P.reloc...... ......................@..P.rsrc...............................@..P.....................P..............@..P........................................................................................................................................
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2560
                                                                                                          Entropy (8bit):2.8818118453929262
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
                                                                                                          MD5:A69559718AB506675E907FE49DEB71E9
                                                                                                          SHA1:BC8F404FFDB1960B50C12FF9413C893B56F2E36F
                                                                                                          SHA-256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
                                                                                                          SHA-512:E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):6144
                                                                                                          Entropy (8bit):4.289297026665552
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:48:Sv1LfWvPcXegCPUo1vlZQrAxoONfHFZONfH3d1xCWMBFNL2pGSS4k+bkg6j0KHc:wfkcXegaJ/ZAYNzcld1xaX12pfSKvkc
                                                                                                          MD5:C8871EFD8AF2CF4D9D42D1FF8FADBF89
                                                                                                          SHA1:D0EACD5322C036554D509C7566F0BCC7607209BD
                                                                                                          SHA-256:E4FC574A01B272C2D0AED0EC813F6D75212E2A15A5F5C417129DD65D69768F40
                                                                                                          SHA-512:2735BB610060F749E26ACD86F2DF2B8A05F2BDD3DCCF3E4B2946EBB21BA0805FB492C474B1EEB2C5B8BF1A421F7C1B8728245F649C644F4A9ECC5BD8770A16F6
                                                                                                          Malicious:false
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....HP..........#............................@.............................`..............................................................<!.......P.......@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc........P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):23312
                                                                                                          Entropy (8bit):4.596242908851566
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                                                                                          MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                                                                                          SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                                                                                          SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                                                                                          SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                                                                                          Malicious:false
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):265728
                                                                                                          Entropy (8bit):6.4472652154517345
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6144:Fs7u3JL96d15Y2BmKh678IuYAhN3YCjlgiZioXyLWvCe93rZ5WZOlUmpNJ5mlbb/:e7WJL96d15Y2BmKh678IuYAhN3YCjlgw
                                                                                                          MD5:752CA72DE243F44AF2ED3FF023EF826E
                                                                                                          SHA1:7B508F6B72BD270A861B368EC9FE4BF55D8D472F
                                                                                                          SHA-256:F8196F03F8CBED87A92BA5C1207A9063D4EEBB0C22CA88A279F1AE1B1F1B8196
                                                                                                          SHA-512:4E5A7242C25D4BBF9087F813D4BF057432271A0F08580DA8C894B7C290DE9E0CF640F6F616B0B6C6CAD14DC0AFDD2697D2855BA4070270824540BAE835FE8C4A
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..=...........!................`;.......................................P.......................'..............p...o.......d.... .......................0..\.......................................................4............................text...k........................... ..`.rdata..............................@..@.data....9.......0..................@....idata..............................@....rsrc........ ......................@..@.reloc..T....0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1645320
                                                                                                          Entropy (8bit):6.787752063353702
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24576:Fk18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z98v:FZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+X
                                                                                                          MD5:871C903A90C45CA08A9D42803916C3F7
                                                                                                          SHA1:D962A12BC15BFB4C505BB63F603CA211588958DB
                                                                                                          SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
                                                                                                          SHA-512:985B0B8B5E3D96ACFD0514676D9F0C5D2D8F11E31F01ACFA0F7DA9AF3568E12343CA77F541F55EDDA6A0E5C14FE733BDA5DC1C10BB170D40D15B7A60AD000145
                                                                                                          Malicious:false
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s...7o..7o..7o...L..<o..7o..en...L..$o...L...o...L..6o...L..6o...L..(n...L..6o..Rich7o..................PE..L.....D@...........!.........`.......Q.......`.....p................................................................l...CN..|...x....p...........................s.....8...............................................0............................text...n........................... ..`.data...X...........................@...Shared.......`.......P..............@....rsrc........p... ...`..............@..@.reloc...s..........................@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):176128
                                                                                                          Entropy (8bit):6.204917493416147
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3072:l9iEoC1+7N9UQV2Mi8NTUU3/EO3h3E9y6GeoPRtsoWhi75MUbvSHQ:l+ssU62Mi8x9P/UVGeQRthMUbvS
                                                                                                          MD5:FEC4FF0C2967A05543747E8D552CF9DF
                                                                                                          SHA1:B4449DC0DF8C0AFCC9F32776384A6F5B5CEDE20C
                                                                                                          SHA-256:5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6
                                                                                                          SHA-512:93E3F48CD393314178CBC86F6142D577D5EAAE52B47C4D947DBA4DFB706860B150FF5B0E546CB83114CA44666E9DF6021964D79D064B775A58698DAA9550EF13
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+0.J^..J^..J^.cE...J^..VR..J^..UU..J^.#VP..J^..UT..J^..UZ..J^..kU..J^..kZ..J^..J_..J^..iT..J^..io..J^.gLX..J^._jZ..J^.Rich.J^.................PE..L.....L...........!.....0...@.......'.......@...................................................................... e..k....X..d....`.......................p..p....................................................@...............................text....".......0.................. ..`.rdata...%...@...0...@..............@..@.data...T....p... ...p..............@....rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):348160
                                                                                                          Entropy (8bit):6.542655141037356
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
                                                                                                          MD5:86F1895AE8C5E8B17D99ECE768A70732
                                                                                                          SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
                                                                                                          SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
                                                                                                          SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
                                                                                                          Malicious:false
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):265728
                                                                                                          Entropy (8bit):6.4472652154517345
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6144:Fs7u3JL96d15Y2BmKh678IuYAhN3YCjlgiZioXyLWvCe93rZ5WZOlUmpNJ5mlbb/:e7WJL96d15Y2BmKh678IuYAhN3YCjlgw
                                                                                                          MD5:752CA72DE243F44AF2ED3FF023EF826E
                                                                                                          SHA1:7B508F6B72BD270A861B368EC9FE4BF55D8D472F
                                                                                                          SHA-256:F8196F03F8CBED87A92BA5C1207A9063D4EEBB0C22CA88A279F1AE1B1F1B8196
                                                                                                          SHA-512:4E5A7242C25D4BBF9087F813D4BF057432271A0F08580DA8C894B7C290DE9E0CF640F6F616B0B6C6CAD14DC0AFDD2697D2855BA4070270824540BAE835FE8C4A
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..=...........!................`;.......................................P.......................'..............p...o.......d.... .......................0..\.......................................................4............................text...k........................... ..`.rdata..............................@..@.data....9.......0..................@....idata..............................@....rsrc........ ......................@..@.reloc..T....0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):445440
                                                                                                          Entropy (8bit):6.439135831549689
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:sosmML3+OytpWFkCU1wayvT33iiDNmAE27R9sY9kP0O+:soslvJ3RaY9wU
                                                                                                          MD5:CAC7E17311797C5471733638C0DC1F01
                                                                                                          SHA1:58E0BD1B63525A2955439CB9BE3431CEA7FF1121
                                                                                                          SHA-256:19248357ED7CFF72DEAD18B5743BF66C61438D68374BDA59E3B9D444C6F8F505
                                                                                                          SHA-512:A677319AC8A2096D95FFC69F22810BD4F083F6BF55B8A77F20D8FB8EE01F2FEE619CE318D1F55C392A8F3A4D635D9285712E2C572E62997014641C36EDC060A2
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*..=...........!.........\......@!....................................... .......................'..........................P.......H.......................l....................................................................................text............................... ..`.rdata..2$.......&..................@..@.data...............................@....idata..............................@....rsrc...H...........................@..@.reloc...&.......(..................@..B................................................................................................................................................................................................................................................................................................................................................................................................
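The per-file fields in the dropped-file entries above (Size, Entropy (8bit), MD5/SHA1/SHA-256/SHA-512, and the "PE32"/"PE32+" file type implied by the MZ/PE preview) can all be re-derived locally, which is the check an analyst wants before acting on the table: confirm that a file recovered from a host really is one of the listed drops, and that its size and entropy agree with what the sandbox saw. The script below is an added example and is not part of the Joe Sandbox report or Joe Security's tooling. The only data taken from the page are the SHA-256 digests, sizes and Malicious flags of the nine sized entries above; the function names, the 8-bit Shannon-entropy interpretation of the "Entropy (8bit)" field, and the sample inputs (a constructed minimal PE stub and two synthetic byte strings) are this example's own assumptions.

```python
"""Dropped-file IOC triage: recompute the report's per-file fields and match on SHA-256.

Added example, not code from the Joe Sandbox report. DROPPED_SHA256 holds the
SHA-256 -> (reported size, reported Malicious flag) pairs from the entries above;
everything else (sample inputs, helper names) is constructed here.
"""
from __future__ import annotations

import hashlib
import math
from collections import Counter
from typing import Optional

# SHA-256 -> (Size (bytes), Malicious) as listed in the dropped-file entries above.
DROPPED_SHA256 = {
    "422CF23BE87C93223D11DAA8E74C3C8C5AF80C70CD8EFF1F501DA70E612014A6": (705536, True),
    "2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC": (2560, True),
    "E4FC574A01B272C2D0AED0EC813F6D75212E2A15A5F5C417129DD65D69768F40": (6144, False),
    "9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87": (23312, False),
    "F8196F03F8CBED87A92BA5C1207A9063D4EEBB0C22CA88A279F1AE1B1F1B8196": (265728, True),
    "F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645": (1645320, False),
    "5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6": (176128, True),
    "8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE": (348160, False),
    "19248357ED7CFF72DEAD18B5743BF66C61438D68374BDA59E3B9D444C6F8F505": (445440, True),
}


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0); assumed to be the 'Entropy (8bit)' field."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    """Upper-case hex digests for the four hash fields the report lists."""
    return {name: hashlib.new(name, data).hexdigest().upper()
            for name in ("md5", "sha1", "sha256", "sha512")}


def pe_kind(data: bytes) -> Optional[str]:
    """Classify as 'PE32' / 'PE32+' from the MZ stub, e_lfanew and the optional-header magic.

    Both 'MZ......' and the Delphi-style 'MZP.....' previews above start with the
    two-byte 'MZ' signature, so only those bytes are checked.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    magic = int.from_bytes(data[e_lfanew + 24:e_lfanew + 26], "little")
    return {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)


def triage(data: bytes) -> dict:
    """Recompute the report fields for `data` and match it against the dropped-file set."""
    d = digests(data)
    hit = DROPPED_SHA256.get(d["sha256"])
    return {
        "size": len(data),
        "entropy": round(shannon_entropy_8bit(data), 6),
        "pe": pe_kind(data),
        "md5": d["md5"],
        "sha256": d["sha256"],
        "known_dropped": hit is not None,
        "reported_malicious": hit[1] if hit else None,
        "size_matches_report": (hit[0] == len(data)) if hit else None,
    }


def build_minimal_pe(pe32plus: bool = False) -> bytes:
    """Constructed sample input: a 90-byte MZ/PE stub with only the fields pe_kind() reads."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    dos[0x3C:0x40] = (0x40).to_bytes(4, "little")        # e_lfanew -> right after the DOS header
    coff = b"PE\0\0" + b"\0" * 20                        # PE signature + empty COFF header
    magic = (0x20B if pe32plus else 0x10B).to_bytes(2, "little")
    return bytes(dos) + coff + magic


if __name__ == "__main__":
    # Constructed inputs: a PE stub, a zero-filled blob (entropy 0) and all 256 byte values (entropy 8).
    for label, blob in (("pe-stub", build_minimal_pe()),
                        ("zeros", b"\0" * 4096),
                        ("uniform", bytes(range(256)))):
        print(label, triage(blob))
```

Run it against a real file by reading its bytes and calling `triage()`: a `known_dropped` hit with `size_matches_report` true is a confirmed match against the table; a SHA-256 hit with a size mismatch means the hash table was transcribed wrongly and should be rechecked before it goes into a detection rule. Entropy is reported to six decimals to match the report's field, but treat it as a consistency check, not an identifier.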
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1645320
                                                                                                          Entropy (8bit):6.787752063353702
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:24576:Fk18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z98v:FZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+X
                                                                                                          MD5:871C903A90C45CA08A9D42803916C3F7
                                                                                                          SHA1:D962A12BC15BFB4C505BB63F603CA211588958DB
                                                                                                          SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
                                                                                                          SHA-512:985B0B8B5E3D96ACFD0514676D9F0C5D2D8F11E31F01ACFA0F7DA9AF3568E12343CA77F541F55EDDA6A0E5C14FE733BDA5DC1C10BB170D40D15B7A60AD000145
                                                                                                          Malicious:false
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):3191062
                                                                                                          Entropy (8bit):6.448717168800787
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:49152:DfODTVo396X9driyYw3nDZwE2nnhq+facnw+W:jODJoW9Biy13nDZknnhPfacw+W
                                                                                                          MD5:542D4CE2B17CCD6138E1A4478AE0A9D5
                                                                                                          SHA1:06D0625097C209CB713F33B9139A47CF2EF4FD75
                                                                                                          SHA-256:139F113DC13CBFAACA02C70233EBD37FA9C868AE2DB73AF19051486E2FF6AF4D
                                                                                                          SHA-512:B4DDE15AEB95CFB3FBD8F0C4A477C91203DEC76688000B21F85C8954D35A35F35D8EB5C7E68C94514E6A010FB70F7DA4BBBB84EFD43982CE2C0BCCC47DA5968E
                                                                                                          Malicious:false
                                                                                                          Yara Hits:
                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\is-9HUFF.tmp, Author: Joe Security
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):499712
                                                                                                          Entropy (8bit):6.414789978441117
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
                                                                                                          MD5:561FA2ABB31DFA8FAB762145F81667C2
                                                                                                          SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
                                                                                                          SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
                                                                                                          SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
                                                                                                          Malicious:false
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:MS Windows HtmlHelp Data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):78183
                                                                                                          Entropy (8bit):7.692742945771669
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:1536:Bkt2SjEQ3r94YqwyadpL1X6Dtn4afF1VowWb8ZmmUQNk3gNqCLbMsFxJse8hbpmn:mR/CYj9dp5XIyI2b/mY3gNjLbMsOaP
                                                                                                          MD5:B1B9E6D43319F6D4E52ED858C5726A97
                                                                                                          SHA1:5033047A30CCCF57783C600FD76A6D220021B19D
                                                                                                          SHA-256:8003A4A0F9F5DFB62BEFBF81F8C05894B0C1F987ACFC8654A6C6CE02B6213910
                                                                                                          SHA-512:E56D6EC9170DEBAC28BB514942F794F73D4C194D04C54EFF9227B6EE3C74BA4FCF239FFF0BB6556DC8B847FA89D382AF206A2C481C41A3510936B0A74192D2C2
                                                                                                          Malicious:false
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):645592
                                                                                                          Entropy (8bit):6.50414583238337
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                                          MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                                          SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                                          SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                                          SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):445440
                                                                                                          Entropy (8bit):6.439135831549689
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:sosmML3+OytpWFkCU1wayvT33iiDNmAE27R9sY9kP0O+:soslvJ3RaY9wU
                                                                                                          MD5:CAC7E17311797C5471733638C0DC1F01
                                                                                                          SHA1:58E0BD1B63525A2955439CB9BE3431CEA7FF1121
                                                                                                          SHA-256:19248357ED7CFF72DEAD18B5743BF66C61438D68374BDA59E3B9D444C6F8F505
                                                                                                          SHA-512:A677319AC8A2096D95FFC69F22810BD4F083F6BF55B8A77F20D8FB8EE01F2FEE619CE318D1F55C392A8F3A4D635D9285712E2C572E62997014641C36EDC060A2
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):499712
                                                                                                          Entropy (8bit):6.414789978441117
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
                                                                                                          MD5:561FA2ABB31DFA8FAB762145F81667C2
                                                                                                          SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
                                                                                                          SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
                                                                                                          SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
                                                                                                          Malicious:false
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):348160
                                                                                                          Entropy (8bit):6.542655141037356
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
                                                                                                          MD5:86F1895AE8C5E8B17D99ECE768A70732
                                                                                                          SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
                                                                                                          SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
                                                                                                          SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
                                                                                                          Malicious:false
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):645592
                                                                                                          Entropy (8bit):6.50414583238337
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                                                          MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                                                          SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                                                          SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                                                          SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):716789
                                                                                                          Entropy (8bit):6.514245354995985
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:sTPcYn5c/rPx37/zHBA6a5Ueyp2CrIEROlnrNORu4VwRxyFJ:wPcYn5c/rPx37/zHBA6pDp2mIEi4CRxe
                                                                                                          MD5:DAE3749FEB9FFE7F74FB1BFF7A3B0922
                                                                                                          SHA1:CA65A423D082614D9A4740A4C7F05B60083D409D
                                                                                                          SHA-256:64A62CC1B82D79E62FAA3487D07B780EA8D7C3779139AAB969E257708677E2B4
                                                                                                          SHA-512:3A58EDA117AA1B1CF1CDDC8B46900D7868375475665554FAF7F06F9C222AE2AD8EEBA211A31F51F16FBB08A7AA6C812F8B7937D6E9682F59B8B8A03AE58766FF
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:InnoSetup Log Video Minimizer, version 0x30, 4874 bytes, 066656\user, "C:\Users\user\AppData\Local\Video Minimizer 1.77"
                                                                                                          Category:dropped
                                                                                                          Size (bytes):4874
                                                                                                          Entropy (8bit):4.771396235397496
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:96:lc1ztW8j289pkcZagxn9e+eOIhuKa7ICSss/LnCb4LbjBAS2h9oC9pT:stW8iapkc3xNHIh4ICSsAnzI
                                                                                                          MD5:33669AAEAFB26BFC7D1D6C5197DF2582
                                                                                                          SHA1:C81A1780AA69F33F6F613E153C057D2B9C588422
                                                                                                          SHA-256:C20E81CF3482ECC8FEE0FF25A14DEC2F1C2EF5DB7CF433B029566D55738D1B40
                                                                                                          SHA-512:3099330AB4E3FB9F81C5C5803A42CECC65CCB11A51B6172DEBA28AD308A47A8603B31468110AB8CE4361A68C7B15CD5437A28ACB343841C39CA9F10CEB6E98C9
                                                                                                          Malicious:false
                                                                                                          Preview:Inno Setup Uninstall Log (b)....................................Video Minimizer.................................................................................................................Video Minimizer.................................................................................................................0...........%...............................................................................................................X8....................W....066656.user4C:\Users\user\AppData\Local\Video Minimizer 1.77.............9.... ............IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess........%...dll
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):716789
                                                                                                          Entropy (8bit):6.514245354995985
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:sTPcYn5c/rPx37/zHBA6a5Ueyp2CrIEROlnrNORu4VwRxyFJ:wPcYn5c/rPx37/zHBA6pDp2mIEi4CRxe
                                                                                                          MD5:DAE3749FEB9FFE7F74FB1BFF7A3B0922
                                                                                                          SHA1:CA65A423D082614D9A4740A4C7F05B60083D409D
                                                                                                          SHA-256:64A62CC1B82D79E62FAA3487D07B780EA8D7C3779139AAB969E257708677E2B4
                                                                                                          SHA-512:3A58EDA117AA1B1CF1CDDC8B46900D7868375475665554FAF7F06F9C222AE2AD8EEBA211A31F51F16FBB08A7AA6C812F8B7937D6E9682F59B8B8A03AE58766FF
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                          Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................z........................@..............................................@...............................%..................................................................................................................CODE....\y.......z.................. ..`DATA.................~..............@...BSS......................................idata...%.......&..................@....tls.....................................rdata..............................@..P.reloc...... ......................@..P.rsrc...............................@..P.....................P..............@..P........................................................................................................................................
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:MS Windows HtmlHelp Data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):78183
                                                                                                          Entropy (8bit):7.692742945771669
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:1536:Bkt2SjEQ3r94YqwyadpL1X6Dtn4afF1VowWb8ZmmUQNk3gNqCLbMsFxJse8hbpmn:mR/CYj9dp5XIyI2b/mY3gNjLbMsOaP
                                                                                                          MD5:B1B9E6D43319F6D4E52ED858C5726A97
                                                                                                          SHA1:5033047A30CCCF57783C600FD76A6D220021B19D
                                                                                                          SHA-256:8003A4A0F9F5DFB62BEFBF81F8C05894B0C1F987ACFC8654A6C6CE02B6213910
                                                                                                          SHA-512:E56D6EC9170DEBAC28BB514942F794F73D4C194D04C54EFF9227B6EE3C74BA4FCF239FFF0BB6556DC8B847FA89D382AF206A2C481C41A3510936B0A74192D2C2
                                                                                                          Malicious:false
                                                                                                          Preview:ITSF....`..........E.......|.{.......".....|.{......."..`...............x.......T.......................g1..............ITSP....T...........................................j..].!......."..T...............PMGLW................/..../#IDXHDR...F.../#ITBITS..../#IVB...N$./#STRINGS.....P./#SYSTEM..N.'./#TOPICS...F.0./#URLSTR...:.t./#URLTBL...v.D./$FIftiMain......1./$OBJINST...z.../$WWAssociativeLinks/..../$WWAssociativeLinks/Property...v../$WWKeywordLinks/..../$WWKeywordLinks/Property...r../After.jpg...4..../Auto-.hhc...^./Auto-Adjustment.htm....?./Auto-BleachTeeth.htm...z.3./Auto-Crop2Plus.htm..U.j./Auto-Emphasis.htm...w.V./Auto-EyeColor.htm...!.../Auto-EyePencil.htm..._.../Auto-EyeShadow.htm...,.3./Auto-GettingStarted.htm....Q./Auto-Lipstick.htm..R.M./Auto-Liquify.htm...-.v./Auto-Menu.htm..S.r./Auto-OrderingInformation.htm...Q.../Auto-Overview.htm..^.$./Auto-Powder.htm......./Auto-Resize.htm..s.b./Auto-Rotation.htm..?.e./Auto-Rouge.htm...=.d./Auto-SkinCare.htm...|.{./Auto-SmartPatchCosmet
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):176128
                                                                                                          Entropy (8bit):6.204917493416147
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3072:l9iEoC1+7N9UQV2Mi8NTUU3/EO3h3E9y6GeoPRtsoWhi75MUbvSHQ:l+ssU62Mi8x9P/UVGeQRthMUbvS
                                                                                                          MD5:FEC4FF0C2967A05543747E8D552CF9DF
                                                                                                          SHA1:B4449DC0DF8C0AFCC9F32776384A6F5B5CEDE20C
                                                                                                          SHA-256:5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6
                                                                                                          SHA-512:93E3F48CD393314178CBC86F6142D577D5EAAE52B47C4D947DBA4DFB706860B150FF5B0E546CB83114CA44666E9DF6021964D79D064B775A58698DAA9550EF13
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+0.J^..J^..J^.cE...J^..VR..J^..UU..J^.#VP..J^..UT..J^..UZ..J^..kU..J^..kZ..J^..J_..J^..iT..J^..io..J^.gLX..J^._jZ..J^.Rich.J^.................PE..L.....L...........!.....0...@.......'.......@...................................................................... e..k....X..d....`.......................p..p....................................................@...............................text....".......0.................. ..`.rdata...%...@...0...@..............@..@.data...T....p... ...p..............@....rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................
                                                                                                          Process:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                          Category:modified
                                                                                                          Size (bytes):3191062
                                                                                                          Entropy (8bit):6.448717575265652
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:49152:mfODTVo396X9driyYw3nDZwE2nnhq+facnw+W:WODJoW9Biy13nDZknnhPfacw+W
                                                                                                          MD5:624F0DE58BEEA53641A6304AE005CB48
                                                                                                          SHA1:AEE9BF070824DAB00026A442FD91FF0B2E97A54D
                                                                                                          SHA-256:DBA536ED37D38DF9687579923EBC89D8A84A34E7B2976FCBDBB745F1165A135F
                                                                                                          SHA-512:E46961298F80A822C486CAEC55C4977FA65F781868021C85F406F5AF31C14FFD85991F46157B9767A880647B2663D6B4607E8036C534316498C6ED40F5079F30
                                                                                                          Malicious:true
                                                                                                          Yara Hits:
                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe, Author: Joe Security
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................PE..L.....[g.....................(.......]............@.......................... 1.....||1..............................................P..X...............................................................................@............................text...j........................... ..`_abtt_1.............................@..@_actt_1.xd.......0..................@....rsrc........P......................@..@_adtt_1.............................`.+.........................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                          File Type:JSON data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):55
                                                                                                          Entropy (8bit):4.306461250274409
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                          Malicious:false
                                                                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                          Entropy (8bit):7.998279535609148
                                                                                                          TrID:
                                                                                                          • Win32 Executable (generic) a (10002005/4) 98.86%
                                                                                                          • Inno Setup installer (109748/4) 1.08%
                                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                          File name:Ni2ghr9eUJ.exe
                                                                                                          File size:4'019'237 bytes
                                                                                                          MD5:c7df4c7117c0ea3fc75667d1b09db5e8
                                                                                                          SHA1:d1adda0415be3e1499bd41cc45db354026d1a499
                                                                                                          SHA256:1f8b6dd65f2ce836562b17f850644b7c0d265f5c770f65ccfcc4481e9e3b02dc
                                                                                                          SHA512:79618d4cbf0a688f2e02a8ca573d3bde0b82756e54141de65659b29cc52b01ced246f7a4fd501dd8654999fb17ca326963b2bcda8c132a006eab5a28efe61d1e
                                                                                                          SSDEEP:98304:Iv9Ekqc5MQhT4fSGPXnqqk10qbbmz4qj+sbq2:U9EqhhEfjPXqqk10q0jBd
                                                                                                          TLSH:EA1633177DD94578F242183A18E17EED44123F6318BB1B8CB0BACD989F77868D2587CA
                                                                                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                          Icon Hash:2d2e3797b32b2b99
                                                                                                          Entrypoint:0x409c40
                                                                                                          Entrypoint Section:CODE
                                                                                                          Digitally signed:false
                                                                                                          Imagebase:0x400000
                                                                                                          Subsystem:windows gui
                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                          DLL Characteristics:TERMINAL_SERVER_AWARE
Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] (constant value written by the Borland/Delphi linker, matching the Delphi-style CODE/DATA/BSS section names and the Inno Setup TrID hit; it is not the real build time)
                                                                                                          TLS Callbacks:
                                                                                                          CLR (.Net) Version:
                                                                                                          OS Version Major:1
                                                                                                          OS Version Minor:0
                                                                                                          File Version Major:1
                                                                                                          File Version Minor:0
                                                                                                          Subsystem Version Major:1
                                                                                                          Subsystem Version Minor:0
                                                                                                          Import Hash:884310b1928934402ea6fec1dbd3cf5e
                                                                                                          Instruction
                                                                                                          push ebp
                                                                                                          mov ebp, esp
                                                                                                          add esp, FFFFFFC4h
                                                                                                          push ebx
                                                                                                          push esi
                                                                                                          push edi
                                                                                                          xor eax, eax
                                                                                                          mov dword ptr [ebp-10h], eax
                                                                                                          mov dword ptr [ebp-24h], eax
                                                                                                          call 00007FF2D4EC120Bh
                                                                                                          call 00007FF2D4EC2412h
                                                                                                          call 00007FF2D4EC26A1h
                                                                                                          call 00007FF2D4EC2744h
                                                                                                          call 00007FF2D4EC46E3h
                                                                                                          call 00007FF2D4EC704Eh
                                                                                                          call 00007FF2D4EC71B5h
                                                                                                          xor eax, eax
                                                                                                          push ebp
                                                                                                          push 0040A2FCh
                                                                                                          push dword ptr fs:[eax]
                                                                                                          mov dword ptr fs:[eax], esp
                                                                                                          xor edx, edx
                                                                                                          push ebp
                                                                                                          push 0040A2C5h
                                                                                                          push dword ptr fs:[edx]
                                                                                                          mov dword ptr fs:[edx], esp
                                                                                                          mov eax, dword ptr [0040C014h]
                                                                                                          call 00007FF2D4EC7C1Bh
                                                                                                          call 00007FF2D4EC784Eh
                                                                                                          lea edx, dword ptr [ebp-10h]
                                                                                                          xor eax, eax
                                                                                                          call 00007FF2D4EC4D08h
                                                                                                          mov edx, dword ptr [ebp-10h]
                                                                                                          mov eax, 0040CE24h
                                                                                                          call 00007FF2D4EC12B7h
                                                                                                          push 00000002h
                                                                                                          push 00000000h
                                                                                                          push 00000001h
                                                                                                          mov ecx, dword ptr [0040CE24h]
                                                                                                          mov dl, 01h
                                                                                                          mov eax, 0040738Ch
                                                                                                          call 00007FF2D4EC5597h
                                                                                                          mov dword ptr [0040CE28h], eax
                                                                                                          xor edx, edx
                                                                                                          push ebp
                                                                                                          push 0040A27Dh
                                                                                                          push dword ptr fs:[edx]
                                                                                                          mov dword ptr fs:[edx], esp
                                                                                                          call 00007FF2D4EC7C8Bh
                                                                                                          mov dword ptr [0040CE30h], eax
                                                                                                          mov eax, dword ptr [0040CE30h]
                                                                                                          cmp dword ptr [eax+0Ch], 01h
                                                                                                          jne 00007FF2D4EC7DCAh
                                                                                                          mov eax, dword ptr [0040CE30h]
                                                                                                          mov edx, 00000028h
                                                                                                          call 00007FF2D4EC5998h
                                                                                                          mov edx, dword ptr [00000030h]
Name                                   Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT           0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT           0xd000           0x950         .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE         0x11000          0x2c00        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION        0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY         0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC        0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG            0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT        0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR        0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS              0xf000           0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG      0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT              0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR   0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED         0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x9364 | 0x9400 | e8a38c5eb0d717d3fb478c7e19f20477 | False | 0.6147856841216216 | data | 6.563139352016593 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0xb000 | 0x24c | 0x400 | 5d98c64569668b0235ae89005918165a | False | 0.3046875 | data | 2.7373065622921344 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0xc000 | 0xe88 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xd000 | 0x950 | 0xa00 | bb5485bf968b970e5ea81292af2acdba | False | 0.414453125 | data | 4.430733069799036 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xe000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xf000 | 0x18 | 0x200 | 9ba824905bf9c7922b6fc87a38b74366 | False | 0.052734375 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0x10000 | 0x8b4 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0x11000 | 0x2c00 | 0x2c00 | 3824b00ad83284733f59af3c83a83df9 | False | 0.3259055397727273 | data | 4.4972864265663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x11354 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675
RT_ICON | 0x1147c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179
RT_ICON | 0x119e4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548
RT_ICON | 0x11ccc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516
RT_STRING | 0x12574 | 0x2f2 | data | - | - | 0.35543766578249336
RT_STRING | 0x12868 | 0x30c | data | - | - | 0.3871794871794872
RT_STRING | 0x12b74 | 0x2ce | data | - | - | 0.42618384401114207
RT_STRING | 0x12e44 | 0x68 | data | - | - | 0.75
RT_STRING | 0x12eac | 0xb4 | data | - | - | 0.6277777777777778
RT_STRING | 0x12f60 | 0xae | data | - | - | 0.5344827586206896
RT_RCDATA | 0x13010 | 0x2c | data | - | - | 1.1590909090909092
RT_GROUP_ICON | 0x1303c | 0x3e | data | English | United States | 0.8387096774193549
RT_VERSION | 0x1307c | 0x4b8 | COM executable for DOS | English | United States | 0.2740066225165563
RT_MANIFEST | 0x13534 | 0x5a4 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.42590027700831024
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle
user32.dll | MessageBoxA
oleaut32.dll | VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA
kernel32.dll | WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
user32.dll | TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
comctl32.dll | InitCommonControls
advapi32.dll | AdjustTokenPrivileges
Language of compilation system | Country where language is spoken
Dutch | Netherlands
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-13T08:18:55.352291+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49875 | 188.119.66.185 | 443 | TCP
2024-12-13T08:18:56.786905+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49875 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:01.919948+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49887 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:02.646693+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49887 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:04.219380+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49896 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:04.899461+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49896 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:06.778263+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49903 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:07.462622+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49903 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:09.228855+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49911 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:09.910696+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49911 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:11.489574+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49917 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:12.171415+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49917 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:13.743119+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49923 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:14.537899+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49923 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:16.244178+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49929 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:16.928235+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49929 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:18.505660+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49935 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:19.185977+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49935 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:20.751155+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49941 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:21.434023+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49941 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:23.003127+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49948 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:23.702066+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49948 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:25.393360+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49954 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:26.080966+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49954 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:27.852874+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49960 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:28.534606+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49960 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:30.286476+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49966 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:30.974236+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49966 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:32.540509+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49973 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:33.223333+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49973 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:34.787776+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49981 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:35.477288+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49981 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:37.205145+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49987 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:37.889376+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49987 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:39.506620+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49993 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:40.189967+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49993 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:41.756068+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 49999 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:42.437554+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49999 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:44.010529+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50007 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:44.697344+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 50007 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:46.264754+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50013 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:46.945470+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 50013 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:48.529408+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50019 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:49.210500+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 50019 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:50.786675+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50025 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:51.471950+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 50025 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:53.233634+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50031 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:53.919768+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 50031 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:55.673871+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50037 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:56.355572+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 50037 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:57.946879+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50044 | 188.119.66.185 | 443 | TCP
2024-12-13T08:19:58.637569+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 50044 | 188.119.66.185 | 443 | TCP
2024-12-13T08:20:00.409973+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50045 | 188.119.66.185 | 443 | TCP
2024-12-13T08:20:01.095810+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 50045 | 188.119.66.185 | 443 | TCP
2024-12-13T08:20:02.662201+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.6 | 50046 | 188.119.66.185 | 443 | TCP
2024-12-13T08:20:03.387012+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 50046 | 188.119.66.185 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 13, 2024 08:18:53.687621117 CET | 49875 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:18:53.687661886 CET | 443 | 49875 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:18:53.687766075 CET | 49875 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:18:53.704082966 CET | 49875 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:18:53.704099894 CET | 443 | 49875 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:18:55.352215052 CET | 443 | 49875 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:18:55.352291107 CET | 49875 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:18:55.520349026 CET | 49875 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:18:55.520384073 CET | 443 | 49875 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:18:55.520787001 CET | 443 | 49875 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:18:55.520844936 CET | 49875 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:18:55.532762051 CET | 49875 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:18:55.579324007 CET | 443 | 49875 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:18:56.786911964 CET | 443 | 49875 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:18:56.786986113 CET | 49875 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:18:56.786993980 CET | 443 | 49875 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:18:56.787053108 CET | 49875 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:18:56.789156914 CET | 49875 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:18:56.789177895 CET | 443 | 49875 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:18:56.790397882 CET | 49881 | 2024 | 192.168.2.6 | 31.214.157.206
Dec 13, 2024 08:18:56.910181046 CET | 2024 | 49881 | 31.214.157.206 | 192.168.2.6
Dec 13, 2024 08:18:56.910290956 CET | 49881 | 2024 | 192.168.2.6 | 31.214.157.206
Dec 13, 2024 08:18:56.910418034 CET | 49881 | 2024 | 192.168.2.6 | 31.214.157.206
Dec 13, 2024 08:18:57.030297041 CET | 2024 | 49881 | 31.214.157.206 | 192.168.2.6
Dec 13, 2024 08:18:57.030400991 CET | 49881 | 2024 | 192.168.2.6 | 31.214.157.206
Dec 13, 2024 08:18:57.150279999 CET | 2024 | 49881 | 31.214.157.206 | 192.168.2.6
Dec 13, 2024 08:18:58.244077921 CET | 2024 | 49881 | 31.214.157.206 | 192.168.2.6
Dec 13, 2024 08:18:58.297179937 CET | 49881 | 2024 | 192.168.2.6 | 31.214.157.206
Dec 13, 2024 08:19:00.253439903 CET | 49887 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:00.253473997 CET | 443 | 49887 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:00.253544092 CET | 49887 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:00.253839016 CET | 49887 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:00.253854036 CET | 443 | 49887 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:01.916738987 CET | 443 | 49887 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:01.919948101 CET | 49887 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:01.928689003 CET | 49887 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:01.928699017 CET | 443 | 49887 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:01.928961039 CET | 49887 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:01.928966045 CET | 443 | 49887 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:02.646728992 CET | 443 | 49887 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:02.646853924 CET | 49887 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:02.646867990 CET | 443 | 49887 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:02.646910906 CET | 443 | 49887 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:02.646960020 CET | 49887 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:02.647102118 CET | 49887 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:02.647114038 CET | 443 | 49887 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:02.768886089 CET | 49896 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:02.768917084 CET | 443 | 49896 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:02.769104004 CET | 49896 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:02.769460917 CET | 49896 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:02.769471884 CET | 443 | 49896 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:04.219137907 CET | 443 | 49896 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:04.219379902 CET | 49896 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:04.220305920 CET | 49896 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:04.220318079 CET | 443 | 49896 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:04.220489025 CET | 49896 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:04.220494986 CET | 443 | 49896 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:04.899467945 CET | 443 | 49896 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:04.899554968 CET | 443 | 49896 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:04.899564028 CET | 49896 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:04.899607897 CET | 49896 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:04.899851084 CET | 49896 | 443 | 192.168.2.6 | 188.119.66.185
Dec 13, 2024 08:19:04.899857044 CET | 443 | 49896 | 188.119.66.185 | 192.168.2.6
Dec 13, 2024 08:19:04.900865078 CET | 49902 | 2024 | 192.168.2.6 | 31.214.157.206
Dec 13, 2024 08:19:05.020946026 CET | 2024 | 49902 | 31.214.157.206 | 192.168.2.6
Dec 13, 2024 08:19:05.021061897 CET | 49902 | 2024 | 192.168.2.6 | 31.214.157.206
Dec 13, 2024 08:19:05.021142960 CET | 49902 | 2024 | 192.168.2.6 | 31.214.157.206
Dec 13, 2024 08:19:05.021224976 CET | 49902 | 2024 | 192.168.2.6 | 31.214.157.206
                                                                                                          Dec 13, 2024 08:19:05.133487940 CET49903443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:05.133512974 CET44349903188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:05.133649111 CET49903443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:05.134371042 CET49903443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:05.134383917 CET44349903188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:05.141654968 CET20244990231.214.157.206192.168.2.6
                                                                                                          Dec 13, 2024 08:19:05.184189081 CET20244990231.214.157.206192.168.2.6
                                                                                                          Dec 13, 2024 08:19:05.995390892 CET20244990231.214.157.206192.168.2.6
                                                                                                          Dec 13, 2024 08:19:05.995455027 CET499022024192.168.2.631.214.157.206
                                                                                                          Dec 13, 2024 08:19:06.778179884 CET44349903188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:06.778263092 CET49903443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:06.778889894 CET49903443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:06.778899908 CET44349903188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:06.779164076 CET49903443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:06.779170036 CET44349903188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:07.462718010 CET44349903188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:07.462789059 CET49903443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:07.462798119 CET44349903188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:07.462876081 CET44349903188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:07.462939024 CET49903443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:07.463071108 CET49903443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:07.463082075 CET44349903188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:07.582952976 CET49911443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:07.582993984 CET44349911188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:07.583122969 CET49911443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:07.583489895 CET49911443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:07.583503008 CET44349911188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:09.228738070 CET44349911188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:09.228854895 CET49911443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:09.229490042 CET49911443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:09.229507923 CET44349911188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:09.229681969 CET49911443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:09.229687929 CET44349911188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:09.910772085 CET44349911188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:09.910887957 CET49911443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:09.910918951 CET44349911188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:09.910939932 CET44349911188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:09.910994053 CET49911443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:09.911030054 CET49911443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:09.911279917 CET49911443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:09.911298990 CET44349911188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:10.034563065 CET49917443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:10.034604073 CET44349917188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:10.034955978 CET49917443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:10.035034895 CET49917443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:10.035048962 CET44349917188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:11.489500999 CET44349917188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:11.489573956 CET49917443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:11.490443945 CET49917443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:11.490453959 CET44349917188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:11.490721941 CET49917443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:11.490736008 CET44349917188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:12.171515942 CET44349917188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:12.171621084 CET49917443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:12.171652079 CET44349917188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:12.171674013 CET44349917188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:12.171768904 CET49917443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:12.172005892 CET49917443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:12.172023058 CET44349917188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:12.284436941 CET49923443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:12.284475088 CET44349923188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:12.284698963 CET49923443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:12.285132885 CET49923443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:12.285150051 CET44349923188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:13.741779089 CET44349923188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:13.743119001 CET49923443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:13.964519024 CET49923443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:13.964593887 CET44349923188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:13.975405931 CET49923443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:13.975431919 CET44349923188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:14.538007975 CET44349923188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:14.538080931 CET49923443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:14.538100004 CET44349923188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:14.538198948 CET44349923188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:14.538229942 CET49923443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:14.538253069 CET49923443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:14.538305998 CET49923443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:14.538361073 CET44349923188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:14.659957886 CET49929443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:14.660008907 CET44349929188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:14.660141945 CET49929443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:14.660504103 CET49929443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:14.660522938 CET44349929188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:16.244081020 CET44349929188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:16.244178057 CET49929443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:16.244996071 CET49929443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:16.245008945 CET44349929188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:16.245404959 CET49929443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:16.245412111 CET44349929188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:16.928150892 CET44349929188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:16.928234100 CET49929443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:16.928247929 CET44349929188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:16.928294897 CET49929443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:16.928328037 CET44349929188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:16.928420067 CET49929443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:16.928549051 CET49929443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:16.928567886 CET44349929188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:17.050410032 CET49935443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:17.050457001 CET44349935188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:17.050602913 CET49935443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:17.051007986 CET49935443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:17.051022053 CET44349935188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:18.505536079 CET44349935188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:18.505660057 CET49935443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:18.506572962 CET49935443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:18.506586075 CET44349935188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:18.506885052 CET49935443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:18.506890059 CET44349935188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:19.187093019 CET44349935188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:19.187192917 CET44349935188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:19.187258005 CET49935443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:19.187258005 CET49935443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:19.187577963 CET49935443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:19.187599897 CET44349935188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:19.300841093 CET49941443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:19.300946951 CET44349941188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:19.301158905 CET49941443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:19.301573038 CET49941443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:19.301615000 CET44349941188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:20.751087904 CET44349941188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:20.751154900 CET49941443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:20.751838923 CET49941443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:20.751848936 CET44349941188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:20.752084017 CET49941443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:20.752089024 CET44349941188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:21.434053898 CET44349941188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:21.434134960 CET44349941188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:21.434168100 CET49941443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:21.434192896 CET49941443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:21.434431076 CET49941443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:21.434447050 CET44349941188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:21.550419092 CET49948443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:21.550477982 CET44349948188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:21.551012039 CET49948443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:21.551347017 CET49948443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:21.551359892 CET44349948188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:23.002768040 CET44349948188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:23.003127098 CET49948443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:23.013690948 CET49948443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:23.013710022 CET44349948188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:23.013897896 CET49948443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:23.013904095 CET44349948188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:23.702095032 CET44349948188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:23.702188015 CET44349948188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:23.702214956 CET49948443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:23.702265978 CET49948443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:23.705343962 CET49948443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:23.705365896 CET44349948188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:23.816016912 CET49954443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:23.816062927 CET44349954188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:23.816277981 CET49954443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:23.816585064 CET49954443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:23.816600084 CET44349954188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:25.393249989 CET44349954188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:25.393359900 CET49954443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:25.420737028 CET49954443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:25.420752048 CET44349954188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:25.421149015 CET49954443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:25.421153069 CET44349954188.119.66.185192.168.2.6
Dec 13, 2024 08:19:26.081079960 CET  443  49954  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:26.081204891 CET  49954  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:26.081214905 CET  443  49954  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:26.081271887 CET  443  49954  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:26.081289053 CET  49954  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:26.081712961 CET  49954  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:26.081712961 CET  49954  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:26.206619978 CET  49960  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:26.206684113 CET  443  49960  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:26.206883907 CET  49960  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:26.207232952 CET  49960  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:26.207259893 CET  443  49960  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:26.390980959 CET  49954  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:26.391015053 CET  443  49954  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:27.852777004 CET  443  49960  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:27.852874041 CET  49960  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:27.853364944 CET  49960  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:27.853394985 CET  443  49960  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:27.853575945 CET  49960  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:27.853589058 CET  443  49960  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:28.534624100 CET  443  49960  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:28.534701109 CET  49960  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:28.534723043 CET  443  49960  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:28.534766912 CET  49960  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:28.534825087 CET  443  49960  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:28.534867048 CET  49960  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:28.534893990 CET  443  49960  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:28.534940958 CET  49960  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:28.535001993 CET  49960  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:28.535017014 CET  443  49960  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:28.644078016 CET  49966  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:28.644135952 CET  443  49966  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:28.644215107 CET  49966  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:28.644557953 CET  49966  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:28.644570112 CET  443  49966  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:30.286407948 CET  443  49966  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:30.286475897 CET  49966  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:30.287174940 CET  49966  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:30.287193060 CET  443  49966  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:30.287453890 CET  49966  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:30.287462950 CET  443  49966  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:30.974272013 CET  443  49966  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:30.974349022 CET  49966  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:30.974356890 CET  443  49966  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:30.974404097 CET  49966  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:30.974730968 CET  49966  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:30.974750042 CET  443  49966  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:31.081710100 CET  49973  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:31.081759930 CET  443  49973  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:31.081824064 CET  49973  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:31.082094908 CET  49973  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:31.082110882 CET  443  49973  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:32.540425062 CET  443  49973  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:32.540508986 CET  49973  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:32.541091919 CET  49973  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:32.541104078 CET  443  49973  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:32.541351080 CET  49973  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:32.541357040 CET  443  49973  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:33.223364115 CET  443  49973  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:33.223429918 CET  49973  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:33.223443031 CET  443  49973  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:33.223493099 CET  49973  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:33.223680019 CET  49973  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:33.223699093 CET  443  49973  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:33.331967115 CET  49981  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:33.331999063 CET  443  49981  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:33.332108021 CET  49981  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:33.332740068 CET  49981  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:33.332756042 CET  443  49981  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:34.787691116 CET  443  49981  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:34.787775993 CET  49981  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:34.788515091 CET  49981  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:34.788522005 CET  443  49981  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:34.788611889 CET  49981  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:34.788618088 CET  443  49981  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:35.477385044 CET  443  49981  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:35.477490902 CET  49981  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:35.477507114 CET  443  49981  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:35.477560997 CET  443  49981  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:35.477615118 CET  49981  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:35.477721930 CET  49981  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:35.477746010 CET  443  49981  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:35.597440004 CET  49987  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:35.597489119 CET  443  49987  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:35.597644091 CET  49987  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:35.598067999 CET  49987  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:35.598089933 CET  443  49987  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:37.205071926 CET  443  49987  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:37.205144882 CET  49987  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:37.205688000 CET  49987  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:37.205702066 CET  443  49987  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:37.207875967 CET  49987  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:37.207885027 CET  443  49987  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:37.889384985 CET  443  49987  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:37.889453888 CET  49987  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:37.889463902 CET  443  49987  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:37.889511108 CET  49987  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:37.889734983 CET  49987  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:37.889753103 CET  443  49987  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:38.003385067 CET  49993  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:38.003418922 CET  443  49993  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:38.003510952 CET  49993  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:38.003833055 CET  49993  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:38.003846884 CET  443  49993  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:39.506360054 CET  443  49993  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:39.506619930 CET  49993  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:39.513509035 CET  49993  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:39.513515949 CET  443  49993  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:39.513701916 CET  49993  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:39.513706923 CET  443  49993  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:40.189990044 CET  443  49993  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:40.190052986 CET  49993  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:40.190068960 CET  443  49993  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:40.190083027 CET  443  49993  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:40.190119028 CET  49993  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:40.190381050 CET  49993  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:40.190395117 CET  443  49993  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:40.300148010 CET  49999  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:40.300195932 CET  443  49999  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:40.300265074 CET  49999  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:40.300596952 CET  49999  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:40.300612926 CET  443  49999  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:41.755970955 CET  443  49999  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:41.756067991 CET  49999  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:41.756731987 CET  49999  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:41.756747007 CET  443  49999  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:41.757226944 CET  49999  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:41.757239103 CET  443  49999  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:42.437576056 CET  443  49999  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:42.437648058 CET  443  49999  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:42.437661886 CET  49999  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:42.437707901 CET  49999  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:42.438188076 CET  49999  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:42.438206911 CET  443  49999  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:42.551347017 CET  50007  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:42.551409006 CET  443  50007  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:42.551506996 CET  50007  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:42.551845074 CET  50007  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:42.551873922 CET  443  50007  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:44.010428905 CET  443  50007  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:44.010529041 CET  50007  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:44.011074066 CET  50007  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:44.011095047 CET  443  50007  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:44.011348009 CET  50007  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:44.011360884 CET  443  50007  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:44.697386980 CET  443  50007  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:44.697460890 CET  50007  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:44.697470903 CET  443  50007  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:44.697527885 CET  50007  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:44.697691917 CET  50007  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:44.697725058 CET  443  50007  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:44.815937042 CET  50013  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:44.815989971 CET  443  50013  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:44.816080093 CET  50013  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:44.816386938 CET  50013  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:44.816401005 CET  443  50013  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:46.264683008 CET  443  50013  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:46.264754057 CET  50013  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:46.265342951 CET  50013  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:46.265357018 CET  443  50013  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:46.265563965 CET  50013  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:46.265568972 CET  443  50013  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:46.945482969 CET  443  50013  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:46.945564985 CET  443  50013  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:46.945574045 CET  50013  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:46.945719004 CET  50013  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:46.945839882 CET  50013  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:46.945858002 CET  443  50013  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:47.077670097 CET  50019  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:47.077737093 CET  443  50019  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:47.077872038 CET  50019  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:47.078242064 CET  50019  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:47.078255892 CET  443  50019  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:48.529268980 CET  443  50019  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:48.529407978 CET  50019  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:48.529999018 CET  50019  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:48.530004025 CET  443  50019  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:48.530256987 CET  50019  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:48.530261993 CET  443  50019  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:49.210510015 CET  443  50019  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:49.210585117 CET  50019  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:49.210594893 CET  443  50019  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:49.210652113 CET  50019  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:49.210882902 CET  50019  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:49.210903883 CET  443  50019  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:49.333193064 CET  50025  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:49.333246946 CET  443  50025  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:49.333837986 CET  50025  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:49.334161043 CET  50025  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:49.334172964 CET  443  50025  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:50.786451101 CET  443  50025  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:50.786674976 CET  50025  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:50.787338018 CET  50025  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:50.787349939 CET  443  50025  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:50.787616014 CET  50025  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:50.787620068 CET  443  50025  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:51.471877098 CET  443  50025  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:51.471936941 CET  50025  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:51.471950054 CET  443  50025  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:51.471988916 CET  443  50025  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:51.472039938 CET  50025  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:51.472224951 CET  50025  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:51.472249031 CET  443  50025  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:51.588869095 CET  50031  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:51.588927984 CET  443  50031  188.119.66.185  192.168.2.6
Dec 13, 2024 08:19:51.589214087 CET  50031  443  192.168.2.6  188.119.66.185
Dec 13, 2024 08:19:51.589540958 CET  50031  443  192.168.2.6  188.119.66.185
                                                                                                          Dec 13, 2024 08:19:51.589554071 CET44350031188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:53.233558893 CET44350031188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:53.233633995 CET50031443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:53.236203909 CET50031443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:53.236216068 CET44350031188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:53.236366034 CET50031443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:53.236371040 CET44350031188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:53.919795036 CET44350031188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:53.919883966 CET44350031188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:53.919888020 CET50031443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:53.919928074 CET50031443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:53.920272112 CET50031443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:53.920298100 CET44350031188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:54.035078049 CET50037443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:54.035132885 CET44350037188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:54.035212040 CET50037443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:54.035592079 CET50037443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:54.035610914 CET44350037188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:55.673754930 CET44350037188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:55.673871040 CET50037443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:55.674432993 CET50037443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:55.674439907 CET44350037188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:55.674644947 CET50037443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:55.674650908 CET44350037188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:56.355604887 CET44350037188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:56.355688095 CET44350037188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:56.355782986 CET50037443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:56.355983973 CET50037443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:56.355995893 CET44350037188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:56.482985973 CET50044443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:56.483028889 CET44350044188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:56.483158112 CET50044443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:56.483692884 CET50044443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:56.483711958 CET44350044188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:57.946804047 CET44350044188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:57.946878910 CET50044443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:57.950404882 CET50044443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:57.950424910 CET44350044188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:57.952997923 CET50044443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:57.953011036 CET44350044188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:58.637607098 CET44350044188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:58.637691975 CET44350044188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:58.637729883 CET50044443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:58.637856960 CET50044443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:58.638180971 CET50044443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:58.638195992 CET44350044188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:58.764969110 CET50045443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:58.765002012 CET44350045188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:19:58.765093088 CET50045443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:58.766169071 CET50045443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:19:58.766185045 CET44350045188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:00.409881115 CET44350045188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:00.409972906 CET50045443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:00.412341118 CET50045443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:00.412348032 CET44350045188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:00.412920952 CET50045443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:00.412926912 CET44350045188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:01.095810890 CET44350045188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:01.095881939 CET50045443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:01.095891953 CET44350045188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:01.095992088 CET50045443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:01.096414089 CET50045443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:01.096426010 CET44350045188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:01.209387064 CET50046443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:01.209407091 CET44350046188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:01.209647894 CET50046443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:01.210175037 CET50046443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:01.210186005 CET44350046188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:02.662017107 CET44350046188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:02.662200928 CET50046443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:02.670372963 CET50046443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:02.670394897 CET44350046188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:02.673708916 CET50046443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:02.673733950 CET44350046188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:03.387075901 CET44350046188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:03.387223005 CET50046443192.168.2.6188.119.66.185
                                                                                                          Dec 13, 2024 08:20:03.387267113 CET44350046188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:03.387389898 CET44350046188.119.66.185192.168.2.6
                                                                                                          Dec 13, 2024 08:20:03.387454987 CET50046443192.168.2.6188.119.66.185
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 13, 2024 08:17:55.836488962 CET | 1.1.1.1 | 192.168.2.6 | 0x9b37 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 13, 2024 08:17:55.836488962 CET | 1.1.1.1 | 192.168.2.6 | 0x9b37 | No error (0) | s-part-0035.t-0009.t-msedge.net | - | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 08:18:17.167272091 CET | 1.1.1.1 | 192.168.2.6 | 0xc413 | No error (0) | g-bing-com.ax-0001.ax-msedge.net | ax-0001.ax-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 13, 2024 08:18:17.167272091 CET | 1.1.1.1 | 192.168.2.6 | 0xc413 | No error (0) | ax-0001.ax-msedge.net | - | 150.171.27.10 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 08:18:17.167272091 CET | 1.1.1.1 | 192.168.2.6 | 0xc413 | No error (0) | ax-0001.ax-msedge.net | - | 150.171.28.10 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 08:18:45.386037111 CET | 1.1.1.1 | 192.168.2.6 | 0xe7bb | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 08:18:45.386037111 CET | 1.1.1.1 | 192.168.2.6 | 0xe7bb | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
• 188.119.66.185

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49875 | 188.119.66.185 | 443 | 6448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:18:55 UTC | 283 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b82a8dcd6c946851e30088883250aa15dd05633775b0e650f2ba1e9c95b1c92975ccf55bc592fe5a818ece02a1b7e2984c57cad7021dda33231dd0348c HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-13 07:18:56 UTC | 200 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 13 Dec 2024 07:18:56 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-13 07:18:56 UTC | 846 | IN | Data Ascii: 3428b723c68ee18403c660fbfe0384c27b6bc8f80224cbd3bc190249f7e16fe04dde7674bb35c8d1e3f787aa0af0d9bf501d29ab1ca2974d4f44cc495fb52d1d49554acb6f4ca0a02c5c80218c0322610cd398cded3945d48c27135ffc304556c0e70c8f00a72bcf95aaeeeeb59ab77c3d420fdf2d8ed4d0e8e589334ae34


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49887 | 188.119.66.185 | 443 | 6448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:01 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-13 07:19:02 UTC | 200 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 13 Dec 2024 07:19:02 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-13 07:19:02 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49896 | 188.119.66.185 | 443 | 6448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:04 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-13 07:19:04 UTC | 200 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 13 Dec 2024 07:19:04 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-13 07:19:04 UTC | 702 | IN | Data Ascii: 2b28b722a77e41f552c3448a3e46d207fe8b38c853f53b93adf8c259a6859bd468f89240cea13d7123d702ce3f554f6a55fd698bac83775d2ff53c490e54ed7d18157a9b5eac50d09c2d6051ed532271ccd3184d5cc955a56c8703df3dc06556f1b73cef60a77b1f241afe9f553aa7ccccb21f5f3cded4b1391599d3cb135


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49903 | 188.119.66.185 | 443 | 6448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:06 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-13 07:19:07 UTC | 200 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 13 Dec 2024 07:19:07 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-13 07:19:07 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49911 | 188.119.66.185 | 443 | 6448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:09 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
    Host: 188.119.66.185
2024-12-13 07:19:09 UTC | 200 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 13 Dec 2024 07:19:09 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    X-Powered-By: PHP/7.4.33
2024-12-13 07:19:09 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
    Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
5 | 192.168.2.6 | 49917 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:11 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:12 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:12 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
6 | 192.168.2.6 | 49923 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:13 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:14 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:14 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
7 | 192.168.2.6 | 49929 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:16 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:16 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:16 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
8 | 192.168.2.6 | 49935 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:18 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:19 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:19 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
9 | 192.168.2.6 | 49941 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:20 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:21 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:21 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
10 | 192.168.2.6 | 49948 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:23 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:23 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:23 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
11 | 192.168.2.6 | 49954 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:25 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:26 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:26 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
12 | 192.168.2.6 | 49960 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:27 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:28 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:28 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
13 | 192.168.2.6 | 49966 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:30 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:30 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:30 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
14 | 192.168.2.6 | 49973 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:32 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:33 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:33 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
15 | 192.168.2.6 | 49981 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:34 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:35 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:35 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
16 | 192.168.2.6 | 49987 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:37 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:37 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:37 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID | Source IP | Source Port | Destination IP | Destination Port + PID (run together in the source) | Process
17 | 192.168.2.6 | 49993 | 188.119.66.185 | 4436448 | C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 07:19:39 UTC | 291 | OUT | GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Host: 188.119.66.185
2024-12-13 07:19:40 UTC | 200 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Dec 2024 07:19:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/7.4.33
2024-12-13 07:19:40 UTC | 24 | IN | Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
Data Ascii: e8b723663ec13250


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
18          192.168.2.6  49999        188.119.66.185  443               6448  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-13 07:19:41 UTC  291                OUT        GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                       Host: 188.119.66.185
2024-12-13 07:19:42 UTC  200                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0 (Ubuntu)
                                                       Date: Fri, 13 Dec 2024 07:19:42 GMT
                                                       Content-Type: text/html; charset=UTF-8
                                                       Transfer-Encoding: chunked
                                                       Connection: close
                                                       X-Powered-By: PHP/7.4.33
2024-12-13 07:19:42 UTC  24                 IN         Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                                                       Data Ascii: e8b723663ec13250


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
19          192.168.2.6  50007        188.119.66.185  443               6448  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-13 07:19:44 UTC  291                OUT        GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                       Host: 188.119.66.185
2024-12-13 07:19:44 UTC  200                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0 (Ubuntu)
                                                       Date: Fri, 13 Dec 2024 07:19:44 GMT
                                                       Content-Type: text/html; charset=UTF-8
                                                       Transfer-Encoding: chunked
                                                       Connection: close
                                                       X-Powered-By: PHP/7.4.33
2024-12-13 07:19:44 UTC  24                 IN         Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                                                       Data Ascii: e8b723663ec13250


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
20          192.168.2.6  50013        188.119.66.185  443               6448  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-13 07:19:46 UTC  291                OUT        GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                       Host: 188.119.66.185
2024-12-13 07:19:46 UTC  200                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0 (Ubuntu)
                                                       Date: Fri, 13 Dec 2024 07:19:46 GMT
                                                       Content-Type: text/html; charset=UTF-8
                                                       Transfer-Encoding: chunked
                                                       Connection: close
                                                       X-Powered-By: PHP/7.4.33
2024-12-13 07:19:46 UTC  24                 IN         Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                                                       Data Ascii: e8b723663ec13250


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
21          192.168.2.6  50019        188.119.66.185  443               6448  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-13 07:19:48 UTC  291                OUT        GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                       Host: 188.119.66.185
2024-12-13 07:19:49 UTC  200                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0 (Ubuntu)
                                                       Date: Fri, 13 Dec 2024 07:19:48 GMT
                                                       Content-Type: text/html; charset=UTF-8
                                                       Transfer-Encoding: chunked
                                                       Connection: close
                                                       X-Powered-By: PHP/7.4.33
2024-12-13 07:19:49 UTC  24                 IN         Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                                                       Data Ascii: e8b723663ec13250


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
22          192.168.2.6  50025        188.119.66.185  443               6448  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-13 07:19:50 UTC  291                OUT        GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                       Host: 188.119.66.185
2024-12-13 07:19:51 UTC  200                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0 (Ubuntu)
                                                       Date: Fri, 13 Dec 2024 07:19:51 GMT
                                                       Content-Type: text/html; charset=UTF-8
                                                       Transfer-Encoding: chunked
                                                       Connection: close
                                                       X-Powered-By: PHP/7.4.33
2024-12-13 07:19:51 UTC  24                 IN         Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                                                       Data Ascii: e8b723663ec13250


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
23          192.168.2.6  50031        188.119.66.185  443               6448  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-13 07:19:53 UTC  291                OUT        GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                       Host: 188.119.66.185
2024-12-13 07:19:53 UTC  200                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0 (Ubuntu)
                                                       Date: Fri, 13 Dec 2024 07:19:53 GMT
                                                       Content-Type: text/html; charset=UTF-8
                                                       Transfer-Encoding: chunked
                                                       Connection: close
                                                       X-Powered-By: PHP/7.4.33
2024-12-13 07:19:53 UTC  24                 IN         Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                                                       Data Ascii: e8b723663ec13250


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
24          192.168.2.6  50037        188.119.66.185  443               6448  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-13 07:19:55 UTC  291                OUT        GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                       Host: 188.119.66.185
2024-12-13 07:19:56 UTC  200                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0 (Ubuntu)
                                                       Date: Fri, 13 Dec 2024 07:19:56 GMT
                                                       Content-Type: text/html; charset=UTF-8
                                                       Transfer-Encoding: chunked
                                                       Connection: close
                                                       X-Powered-By: PHP/7.4.33
2024-12-13 07:19:56 UTC  24                 IN         Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                                                       Data Ascii: e8b723663ec13250


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
25          192.168.2.6  50044        188.119.66.185  443               6448  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-13 07:19:57 UTC  291                OUT        GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                       Host: 188.119.66.185
2024-12-13 07:19:58 UTC  200                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0 (Ubuntu)
                                                       Date: Fri, 13 Dec 2024 07:19:58 GMT
                                                       Content-Type: text/html; charset=UTF-8
                                                       Transfer-Encoding: chunked
                                                       Connection: close
                                                       X-Powered-By: PHP/7.4.33
2024-12-13 07:19:58 UTC  24                 IN         Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                                                       Data Ascii: e8b723663ec13250


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
26          192.168.2.6  50045        188.119.66.185  443               6448  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-13 07:20:00 UTC  291                OUT        GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                       Host: 188.119.66.185
2024-12-13 07:20:01 UTC  200                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0 (Ubuntu)
                                                       Date: Fri, 13 Dec 2024 07:20:00 GMT
                                                       Content-Type: text/html; charset=UTF-8
                                                       Transfer-Encoding: chunked
                                                       Connection: close
                                                       X-Powered-By: PHP/7.4.33
2024-12-13 07:20:01 UTC  24                 IN         Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                                                       Data Ascii: e8b723663ec13250


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
27          192.168.2.6  50046        188.119.66.185  443               6448  C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-13 07:20:02 UTC  291                OUT        GET /ai/?key=8f3f2b3ae14615677411efa3231e72eee7c4db7e40b92a8dcd6c946a43b944869e7c4ce718c34f7f6323f3b70caaf94cda9ea6967478d3f44cc588fa45d7d69a43faeaa5960502d18f414ad332231ad7308bd0d1905d HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                       Host: 188.119.66.185
2024-12-13 07:20:03 UTC  200                IN         HTTP/1.1 200 OK
                                                       Server: nginx/1.18.0 (Ubuntu)
                                                       Date: Fri, 13 Dec 2024 07:20:03 GMT
                                                       Content-Type: text/html; charset=UTF-8
                                                       Transfer-Encoding: chunked
                                                       Connection: close
                                                       X-Powered-By: PHP/7.4.33
2024-12-13 07:20:03 UTC  24                 IN         Data Raw: 65 0d 0a 38 62 37 32 33 36 36 33 65 63 31 33 32 35 0d 0a 30 0d 0a 0d 0a
                                                       Data Ascii: e8b723663ec13250



                                                                                                          Target ID:0
                                                                                                          Start time:02:17:56
                                                                                                          Start date:13/12/2024
                                                                                                          Path:C:\Users\user\Desktop\Ni2ghr9eUJ.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\Desktop\Ni2ghr9eUJ.exe"
                                                                                                          Imagebase:0x400000
                                                                                                          File size:4'019'237 bytes
                                                                                                          MD5 hash:C7DF4C7117C0EA3FC75667D1B09DB5E8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:low
                                                                                                          Has exited:false

                                                                                                          Target ID:1
                                                                                                          Start time:02:17:57
                                                                                                          Start date:13/12/2024
                                                                                                          Path:C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\is-320HS.tmp\Ni2ghr9eUJ.tmp" /SL5="$1042C,3770460,54272,C:\Users\user\Desktop\Ni2ghr9eUJ.exe"
                                                                                                          Imagebase:0x400000
                                                                                                          File size:705'536 bytes
                                                                                                          MD5 hash:B4D4F779EA9E1F6AC0828B0B21EE319A
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Antivirus matches:
                                                                                                          • Detection: 3%, ReversingLabs
                                                                                                          Reputation:low
                                                                                                          Has exited:false

                                                                                                          Target ID:3
                                                                                                          Start time:02:17:58
                                                                                                          Start date:13/12/2024
                                                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Windows\system32\schtasks.exe" /Delete /F /TN "video_minimizer_12125"
                                                                                                          Imagebase:0x620000
                                                                                                          File size:187'904 bytes
                                                                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:true

Target ID: 4
Start time: 02:17:58
Start date: 13/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 02:17:58
Start date: 13/12/2024
Path: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe" -i
Imagebase: 0x400000
File size: 3'191'062 bytes
MD5 hash: 624F0DE58BEEA53641A6304AE005CB48
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000005.00000002.3479884889.00000000027B7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000005.00000000.2238211582.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Video Minimizer 1.77\videominimizer32.exe, Author: Joe Security
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
Reputation: low
Has exited: false

Target ID: 11
Start time: 02:18:15
Start date: 13/12/2024
Path: C:\Windows\System32\svchost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase: 0x7ff7403e0000
File size: 55'320 bytes
MD5 hash: B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false


Execution Graph

Execution Coverage: 21.3%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 2.5%
Total number of Nodes: 1464
Total number of Limit Nodes: 16
[Execution graph: interactive call-graph data (node IDs, function addresses in the 0x401000-0x40a0c3 range and their edges) is not reproduced here. Windows APIs referenced by nodes of the graph: GetModuleHandleA, GetProcAddress, GetCommandLineA, SetProcessDEPPolicy, SetErrorMode, GetSystemInfo, VirtualQuery, VirtualProtect, VirtualAlloc, VirtualFree, GetModuleFileNameA, CreateFileA, ReadFile, WriteFile, SetEndOfFile, CloseHandle, GetLastError, SetLastError, FormatMessageA, FindResourceA, SizeofResource, LoadResource, LockResource, LoadLibraryA, InterlockedExchange, TlsGetValue, TlsSetValue, LocalAlloc, LocalFree, RtlInitializeCriticalSection, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlDeleteCriticalSection, RtlUnwind, RaiseException, GetSystemDefaultLCID, GetLocaleInfoA, GetUserDefaultLangID, GetACP, GetVersionExA, GetSystemTime, LoadStringA, MessageBoxA, CallWindowProcA, VariantClear, VariantChangeTypeEx, CreateDirectoryA, GetFullPathNameA, GetWindowsDirectoryA, GetFileAttributesA, GetEnvironmentVariableA, CharPrevA, IsDBCSLeadByte, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, ExitProcess.]
calls 6724->6725 6726 407120 6725->6726 6727 403198 4 API calls 6726->6727 6728 407128 6727->6728 6729 408f30 6732 408dfc 6729->6732 6733 408e05 6732->6733 6734 403198 4 API calls 6733->6734 6735 408e13 6733->6735 6734->6733 6736 403932 6737 403924 6736->6737 6740 40374c 6737->6740 6739 40392c 6741 403766 6740->6741 6742 403759 6740->6742 6741->6739 6742->6741 6743 403779 VariantClear 6742->6743 6743->6739 5882 4075c4 SetFilePointer 5883 4075f7 5882->5883 5884 4075e7 GetLastError 5882->5884 5884->5883 5885 4075f0 5884->5885 5886 40748c 35 API calls 5885->5886 5886->5883 6256 4076c8 WriteFile 6257 4076e8 6256->6257 6260 4076ef 6256->6260 6258 40748c 35 API calls 6257->6258 6258->6260 6259 407700 6260->6259 6261 4073ec 34 API calls 6260->6261 6261->6259 6262 40a2ca 6271 4096fc 6262->6271 6265 402f24 5 API calls 6266 40a2d4 6265->6266 6267 403198 4 API calls 6266->6267 6268 40a2f3 6267->6268 6269 403198 4 API calls 6268->6269 6270 40a2fb 6269->6270 6280 4056ac 6271->6280 6273 409745 6276 403198 4 API calls 6273->6276 6274 409717 6274->6273 6286 40720c 6274->6286 6278 40975a 6276->6278 6277 409735 6279 40973d MessageBoxA 6277->6279 6278->6265 6279->6273 6281 403154 4 API calls 6280->6281 6282 4056b1 6281->6282 6283 4056c9 6282->6283 6284 403154 4 API calls 6282->6284 6283->6274 6285 4056bf 6284->6285 6285->6274 6287 4056ac 4 API calls 6286->6287 6288 40721b 6287->6288 6289 407221 6288->6289 6290 40722f 6288->6290 6291 40322c 4 API calls 6289->6291 6293 40724b 6290->6293 6294 40723f 6290->6294 6292 40722d 6291->6292 6292->6277 6304 4032b8 6293->6304 6297 4071d0 6294->6297 6298 40322c 4 API calls 6297->6298 6299 4071df 6298->6299 6300 4071fc 6299->6300 6301 406950 CharPrevA 6299->6301 6300->6292 6302 4071eb 6301->6302 6302->6300 6303 4032fc 18 API calls 6302->6303 6303->6300 6305 403278 18 API calls 6304->6305 6306 4032c2 6305->6306 6306->6292 6307 402ccc 6310 402cfe 6307->6310 6312 402cdd 6307->6312 6308 402d88 RtlUnwind 6309 403154 4 API calls 6308->6309 6309->6310 
6311 402b28 RaiseException 6313 402d7f 6311->6313 6312->6308 6312->6310 6312->6311 6313->6308 6752 403fcd 6753 403f07 4 API calls 6752->6753 6754 403fd6 6753->6754 6755 403e9c 4 API calls 6754->6755 6756 403fe2 6755->6756 6314 4024d0 6315 4024e4 6314->6315 6316 4024e9 6314->6316 6319 401918 4 API calls 6315->6319 6317 402518 6316->6317 6318 40250e RtlEnterCriticalSection 6316->6318 6321 4024ed 6316->6321 6329 402300 6317->6329 6318->6317 6319->6316 6323 402525 6325 402581 6323->6325 6326 402577 RtlLeaveCriticalSection 6323->6326 6324 401fd4 14 API calls 6327 402531 6324->6327 6326->6325 6327->6323 6339 40215c 6327->6339 6330 402314 6329->6330 6332 4023b8 6330->6332 6333 402335 6330->6333 6331 402344 6331->6323 6331->6324 6332->6331 6337 402455 6332->6337 6356 401d80 6332->6356 6360 401e84 6332->6360 6333->6331 6353 401b74 6333->6353 6337->6331 6338 401d00 9 API calls 6337->6338 6338->6331 6340 40217a 6339->6340 6341 402175 6339->6341 6343 4021ab RtlEnterCriticalSection 6340->6343 6345 4021b5 6340->6345 6347 40217e 6340->6347 6342 401918 4 API calls 6341->6342 6342->6340 6343->6345 6344 4021c1 6348 4022e3 RtlLeaveCriticalSection 6344->6348 6349 4022ed 6344->6349 6345->6344 6346 402244 6345->6346 6351 402270 6345->6351 6346->6347 6350 401d80 7 API calls 6346->6350 6347->6323 6348->6349 6349->6323 6350->6347 6351->6344 6352 401d00 7 API calls 6351->6352 6352->6344 6354 40215c 9 API calls 6353->6354 6355 401b95 6354->6355 6355->6331 6357 401d92 6356->6357 6358 401d89 6356->6358 6357->6332 6358->6357 6359 401b74 9 API calls 6358->6359 6359->6357 6365 401768 6360->6365 6362 401e99 6363 401ea6 6362->6363 6376 401dcc 6362->6376 6363->6332 6366 401787 6365->6366 6367 40183b 6366->6367 6368 401494 LocalAlloc VirtualAlloc VirtualAlloc VirtualFree 6366->6368 6370 40132c LocalAlloc 6366->6370 6371 401821 6366->6371 6373 4017d6 6366->6373 6374 4017e7 6367->6374 6387 4015c4 6367->6387 6368->6366 6370->6366 6372 40150c VirtualFree 6371->6372 6372->6374 6383 40150c 6373->6383 
6374->6362 6377 401d80 9 API calls 6376->6377 6378 401de0 6377->6378 6391 40132c 6378->6391 6380 401df0 6381 401df8 6380->6381 6395 401b44 6380->6395 6381->6363 6386 40153b 6383->6386 6384 401594 6384->6374 6385 401568 VirtualFree 6385->6386 6386->6384 6386->6385 6388 40160a 6387->6388 6389 401626 VirtualAlloc 6388->6389 6390 40163a 6388->6390 6389->6388 6389->6390 6390->6374 6392 401348 6391->6392 6400 4012e4 6392->6400 6396 401b61 6395->6396 6397 401b52 6395->6397 6396->6381 6398 401d00 9 API calls 6397->6398 6399 401b5f 6398->6399 6399->6381 6403 40128c 6400->6403 6402 4012ef 6402->6380 6404 401298 LocalAlloc 6403->6404 6405 4012aa 6403->6405 6404->6405 6405->6402 6405->6405 6406 4028d2 6407 4028da 6406->6407 6408 403554 4 API calls 6407->6408 6409 4028ef 6407->6409 6408->6407 6410 4025ac 4 API calls 6409->6410 6411 4028f4 6410->6411 6757 4019d3 6758 4019ba 6757->6758 6759 4019c3 RtlLeaveCriticalSection 6758->6759 6760 4019cd 6758->6760 6759->6760 5887 407fd4 5888 407fe6 5887->5888 5890 407fed 5887->5890 5898 407f10 5888->5898 5891 408021 5890->5891 5893 408015 5890->5893 5894 408017 5890->5894 5892 40804e 5891->5892 5895 407d7c 33 API calls 5891->5895 5912 407e2c 5893->5912 5909 407d7c 5894->5909 5895->5892 5899 407f25 5898->5899 5900 407f34 5899->5900 5901 407d7c 33 API calls 5899->5901 5902 407f6e 5900->5902 5903 407d7c 33 API calls 5900->5903 5901->5900 5904 407f82 5902->5904 5905 407d7c 33 API calls 5902->5905 5903->5902 5908 407fae 5904->5908 5919 407eb8 5904->5919 5905->5904 5908->5890 5922 4058c4 5909->5922 5911 407d9e 5911->5891 5913 405194 33 API calls 5912->5913 5914 407e57 5913->5914 5930 407de4 5914->5930 5916 407e5f 5917 403198 4 API calls 5916->5917 5918 407e74 5917->5918 5918->5891 5920 407ec7 VirtualFree 5919->5920 5921 407ed9 VirtualAlloc 5919->5921 5920->5921 5921->5908 5923 4058d0 5922->5923 5924 405194 33 API calls 5923->5924 5925 4058fd 5924->5925 5926 4031e8 18 API calls 5925->5926 5927 405908 5926->5927 5928 403198 4 API calls 5927->5928 
5929 40591d 5928->5929 5929->5911 5931 4058c4 33 API calls 5930->5931 5932 407e06 5931->5932 5932->5916 6416 405ad4 6417 405adc 6416->6417 6419 405ae4 6416->6419 6418 405aeb 6417->6418 6420 405ae2 6417->6420 6421 405940 19 API calls 6418->6421 6423 405a4c 6420->6423 6421->6419 6424 405a54 6423->6424 6425 405a6e 6424->6425 6426 403154 4 API calls 6424->6426 6427 405a73 6425->6427 6428 405a8a 6425->6428 6426->6424 6429 405940 19 API calls 6427->6429 6430 403154 4 API calls 6428->6430 6431 405a86 6429->6431 6432 405a8f 6430->6432 6434 403154 4 API calls 6431->6434 6433 4059b0 33 API calls 6432->6433 6433->6431 6435 405ab8 6434->6435 6436 403154 4 API calls 6435->6436 6437 405ac6 6436->6437 6437->6419 6438 40a0d5 6439 40a105 6438->6439 6440 40a10f CreateWindowExA SetWindowLongA 6439->6440 6441 405194 33 API calls 6440->6441 6442 40a192 6441->6442 6443 4032fc 18 API calls 6442->6443 6444 40a1a0 6443->6444 6445 4032fc 18 API calls 6444->6445 6446 40a1ad 6445->6446 6447 406b7c 19 API calls 6446->6447 6448 40a1b9 6447->6448 6449 4032fc 18 API calls 6448->6449 6450 40a1c2 6449->6450 6451 4099a4 43 API calls 6450->6451 6452 40a1d4 6451->6452 6453 409884 19 API calls 6452->6453 6454 40a1e7 6452->6454 6453->6454 6455 40a220 6454->6455 6456 4094d8 9 API calls 6454->6456 6457 40a239 6455->6457 6460 40a233 RemoveDirectoryA 6455->6460 6456->6455 6458 40a242 DestroyWindow 6457->6458 6459 40a24d 6457->6459 6458->6459 6461 40a275 6459->6461 6462 40357c 4 API calls 6459->6462 6460->6457 6463 40a26b 6462->6463 6464 4025ac 4 API calls 6463->6464 6464->6461 5935 40a0e7 5936 40a0eb SetLastError 5935->5936 5967 409648 GetLastError 5936->5967 5939 40a105 5941 40a10f CreateWindowExA SetWindowLongA 5939->5941 5940 402f24 5 API calls 5940->5939 5942 405194 33 API calls 5941->5942 5943 40a192 5942->5943 5944 4032fc 18 API calls 5943->5944 5945 40a1a0 5944->5945 5946 4032fc 18 API calls 5945->5946 5947 40a1ad 5946->5947 5980 406b7c GetCommandLineA 5947->5980 5950 4032fc 18 API calls 5951 40a1c2 
5950->5951 5985 4099a4 5951->5985 5954 409884 19 API calls 5955 40a1e7 5954->5955 5956 40a220 5955->5956 5957 40a207 5955->5957 5959 40a239 5956->5959 5962 40a233 RemoveDirectoryA 5956->5962 6001 4094d8 5957->6001 5960 40a242 DestroyWindow 5959->5960 5961 40a24d 5959->5961 5960->5961 5963 40a275 5961->5963 6009 40357c 5961->6009 5962->5959 5965 40a26b 5966 4025ac 4 API calls 5965->5966 5966->5963 5968 404c94 33 API calls 5967->5968 5969 40968f 5968->5969 5970 407284 19 API calls 5969->5970 5971 40969f 5970->5971 5972 408da8 18 API calls 5971->5972 5973 4096b4 5972->5973 5974 405890 18 API calls 5973->5974 5975 4096c3 5974->5975 5976 4031b8 4 API calls 5975->5976 5977 4096e2 5976->5977 5978 403198 4 API calls 5977->5978 5979 4096ea 5978->5979 5979->5939 5979->5940 5981 406af0 18 API calls 5980->5981 5982 406ba1 5981->5982 5983 403198 4 API calls 5982->5983 5984 406bbf 5983->5984 5984->5950 5986 4033b4 18 API calls 5985->5986 5987 4099df 5986->5987 5988 409a11 CreateProcessA 5987->5988 5989 409a24 CloseHandle 5988->5989 5990 409a1d 5988->5990 5992 409a2d 5989->5992 5991 409648 35 API calls 5990->5991 5991->5989 6022 409978 5992->6022 5995 409a49 5996 409978 3 API calls 5995->5996 5997 409a4e GetExitCodeProcess CloseHandle 5996->5997 5998 409a6e 5997->5998 5999 403198 4 API calls 5998->5999 6000 409a76 5999->6000 6000->5954 6000->5955 6002 409532 6001->6002 6004 4094eb 6001->6004 6002->5956 6003 4094f3 Sleep 6003->6004 6004->6002 6004->6003 6005 409503 Sleep 6004->6005 6007 40951a GetLastError 6004->6007 6026 408fbc 6004->6026 6005->6004 6007->6002 6008 409524 GetLastError 6007->6008 6008->6002 6008->6004 6010 4035a0 6009->6010 6011 403591 6009->6011 6012 4035b1 6010->6012 6013 4035b8 6010->6013 6016 4035d0 6011->6016 6017 40359b 6011->6017 6018 4035b6 6011->6018 6014 403198 4 API calls 6012->6014 6015 4031b8 4 API calls 6013->6015 6014->6018 6015->6018 6016->6018 6020 40357c 4 API calls 6016->6020 6017->6010 6019 4035ec 6017->6019 6018->5965 6019->6018 6034 403554 
6019->6034 6020->6016 6023 40998c PeekMessageA 6022->6023 6024 409980 TranslateMessage DispatchMessageA 6023->6024 6025 40999e MsgWaitForMultipleObjects 6023->6025 6024->6023 6025->5992 6025->5995 6027 408f70 2 API calls 6026->6027 6028 408fd2 6027->6028 6029 408fd6 6028->6029 6030 408ff2 DeleteFileA GetLastError 6028->6030 6029->6004 6031 409010 6030->6031 6032 408fac Wow64RevertWow64FsRedirection 6031->6032 6033 409018 6032->6033 6033->6004 6035 403566 6034->6035 6037 403578 6035->6037 6038 403604 6035->6038 6037->6019 6039 40357c 6038->6039 6040 4035a0 6039->6040 6041 4035b6 6039->6041 6046 40359b 6039->6046 6050 4035d0 6039->6050 6042 4035b1 6040->6042 6043 4035b8 6040->6043 6041->6035 6044 403198 4 API calls 6042->6044 6045 4031b8 4 API calls 6043->6045 6044->6041 6045->6041 6046->6040 6048 4035ec 6046->6048 6047 40357c 4 API calls 6047->6050 6048->6041 6049 403554 4 API calls 6048->6049 6049->6048 6050->6041 6050->6047 6764 402be9 RaiseException 6765 402c04 6764->6765 6471 402af2 6472 402afe 6471->6472 6475 402ed0 6472->6475 6476 403154 4 API calls 6475->6476 6478 402ee0 6476->6478 6477 402b03 6478->6477 6480 402b0c 6478->6480 6481 402b25 6480->6481 6482 402b15 RaiseException 6480->6482 6481->6477 6482->6481 6766 402dfa 6767 402e26 6766->6767 6768 402e0d 6766->6768 6770 402ba4 6768->6770 6771 402bc9 6770->6771 6772 402bad 6770->6772 6771->6767 6773 402bb5 RaiseException 6772->6773 6773->6771 6774 4075fa GetFileSize 6775 407626 6774->6775 6776 407616 GetLastError 6774->6776 6776->6775 6777 40761f 6776->6777 6778 40748c 35 API calls 6777->6778 6778->6775 6779 406ffb 6780 407008 SetErrorMode 6779->6780 6487 403a80 CloseHandle 6488 403a90 6487->6488 6489 403a91 GetLastError 6487->6489 6490 40a282 6492 40a1f4 6490->6492 6491 40a220 6494 40a239 6491->6494 6497 40a233 RemoveDirectoryA 6491->6497 6492->6491 6493 4094d8 9 API calls 6492->6493 6493->6491 6495 40a242 DestroyWindow 6494->6495 6496 40a24d 6494->6496 6495->6496 6498 40a275 6496->6498 6499 40357c 4 API 
calls 6496->6499 6497->6494 6500 40a26b 6499->6500 6501 4025ac 4 API calls 6500->6501 6501->6498 6502 404283 6503 4042c3 6502->6503 6504 403154 4 API calls 6503->6504 6505 404323 6504->6505 6781 404185 6782 4041ff 6781->6782 6783 4041cc 6782->6783 6784 403154 4 API calls 6782->6784 6785 404323 6784->6785 6506 40a287 6507 40a290 6506->6507 6509 40a2bb 6506->6509 6516 409448 6507->6516 6511 403198 4 API calls 6509->6511 6510 40a295 6510->6509 6513 40a2b3 MessageBoxA 6510->6513 6512 40a2f3 6511->6512 6514 403198 4 API calls 6512->6514 6513->6509 6515 40a2fb 6514->6515 6517 409454 GetCurrentProcess OpenProcessToken 6516->6517 6518 4094af ExitWindowsEx 6516->6518 6519 409466 6517->6519 6520 40946a LookupPrivilegeValueA AdjustTokenPrivileges GetLastError 6517->6520 6518->6519 6519->6510 6520->6518 6520->6519 6521 403e87 6522 403e4c 6521->6522 6523 403e67 6522->6523 6524 403e62 6522->6524 6525 403e7b 6522->6525 6528 403e78 6523->6528 6534 402674 6523->6534 6530 403cc8 6524->6530 6527 402674 4 API calls 6525->6527 6527->6528 6532 403cd6 6530->6532 6531 403ceb 6531->6523 6532->6531 6533 402674 4 API calls 6532->6533 6533->6531 6535 403154 4 API calls 6534->6535 6536 40267a 6535->6536 6536->6528 6545 407e90 6546 407eb8 VirtualFree 6545->6546 6547 407e9d 6546->6547 6790 403991 6791 403983 6790->6791 6792 40374c VariantClear 6791->6792 6793 40398b 6792->6793 6550 403e95 6551 403e4c 6550->6551 6552 403e67 6551->6552 6553 403e62 6551->6553 6554 403e7b 6551->6554 6557 403e78 6552->6557 6558 402674 4 API calls 6552->6558 6555 403cc8 4 API calls 6553->6555 6556 402674 4 API calls 6554->6556 6555->6552 6556->6557 6558->6557 6559 403a97 6560 403aac 6559->6560 6561 403bbc GetStdHandle 6560->6561 6562 403b0e CreateFileA 6560->6562 6572 403ab2 6560->6572 6563 403c17 GetLastError 6561->6563 6567 403bba 6561->6567 6562->6563 6564 403b2c 6562->6564 6563->6572 6566 403b3b GetFileSize 6564->6566 6564->6567 6566->6563 6568 403b4e SetFilePointer 6566->6568 6569 403be7 GetFileType 6567->6569 
6567->6572 6568->6563 6573 403b6a ReadFile 6568->6573 6571 403c02 CloseHandle 6569->6571 6569->6572 6571->6572 6573->6563 6574 403b8c 6573->6574 6574->6567 6575 403b9f SetFilePointer 6574->6575 6575->6563 6576 403bb0 SetEndOfFile 6575->6576 6576->6563 6576->6567 6798 405ba2 6800 405ba4 6798->6800 6799 405be0 6803 405940 19 API calls 6799->6803 6800->6799 6801 405bf7 6800->6801 6802 405bda 6800->6802 6807 404cdc 19 API calls 6801->6807 6802->6799 6804 405c4c 6802->6804 6805 405bf3 6803->6805 6806 4059b0 33 API calls 6804->6806 6808 403198 4 API calls 6805->6808 6806->6805 6809 405c20 6807->6809 6810 405c86 6808->6810 6811 4059b0 33 API calls 6809->6811 6811->6805 6812 408da4 6813 408dc8 6812->6813 6814 408c80 18 API calls 6813->6814 6815 408dd1 6814->6815 6577 402caa 6578 403154 4 API calls 6577->6578 6579 402caf 6578->6579 6830 4011aa 6831 4011ac GetStdHandle 6830->6831 6077 4076ac SetEndOfFile 6078 4076c3 6077->6078 6079 4076bc 6077->6079 6080 40748c 35 API calls 6079->6080 6080->6078 6580 4028ac 6581 402594 18 API calls 6580->6581 6582 4028b6 6581->6582 6583 401ab9 6584 401a96 6583->6584 6585 401aa9 RtlDeleteCriticalSection 6584->6585 6586 401a9f RtlLeaveCriticalSection 6584->6586 6586->6585

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 00409B42
                                                                                                            • VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409B4D
                                                                                                            • VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 00409B8E
                                                                                                            • VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 00409BC0
                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 00409BD0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Virtual$ProtectQuery$InfoSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 2441996862-0
                                                                                                            • Opcode ID: 9fe1c1492d4e2c4f54cecc4c125b8c20c153f3aea56d010d52fe367946264e59
                                                                                                            • Instruction ID: 3002c4020e31fcb34e6ffc2d5983d7aa910ebdc8277ab133fd4bc27d875cdae8
                                                                                                            • Opcode Fuzzy Hash: 9fe1c1492d4e2c4f54cecc4c125b8c20c153f3aea56d010d52fe367946264e59
                                                                                                            • Instruction Fuzzy Hash: F4219DB12003046BD7709AA99C85E5777E9EB85370F04082BFA89E32D3D239FC40C669
                                                                                                            APIs
                                                                                                            • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoLocale
                                                                                                            • String ID:
                                                                                                            • API String ID: 2299586839-0
                                                                                                            • Opcode ID: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
                                                                                                            • Instruction ID: 1248db9972fbf410c55bf070b604c98f5d62b90992f8f49b6b6440a9954d2c50
                                                                                                            • Opcode Fuzzy Hash: 08facca5f8c818d7ae0117448837c5e97f15c9e55cb3aedc2694e0bc5091a832
                                                                                                            • Instruction Fuzzy Hash: E2E0927170021427D710A9A99C86AEB725CEB58310F0002BFB904E73C6EDB49E804AED

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,00409C60), ref: 00404582
                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040458F
                                                                                                            • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004045A5
                                                                                                            • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004045BB
                                                                                                            • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00409C60), ref: 004045C6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModulePolicyProcess
                                                                                                            • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                                                                            • API String ID: 3256987805-3653653586
                                                                                                            • Opcode ID: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                                                            • Instruction ID: 1f393095ee8ecda9e1e01b6ca7d440447e938bbc9796bcd5dbe8d266940e5f64
                                                                                                            • Opcode Fuzzy Hash: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                                                            • Instruction Fuzzy Hash: 5FE02DD03813013AEA5032F20D83B2B20884AD0B49B2414377F25B61C3EDBDDA40587E

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • SetLastError.KERNEL32 ref: 0040A0F4
                                                                                                              • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B240,?,02152344), ref: 0040966C
                                                                                                            • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A131
                                                                                                            • SetWindowLongA.USER32(0001042C,000000FC,00409918), ref: 0040A148
                                                                                                            • RemoveDirectoryA.KERNEL32(00000000,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A234
                                                                                                            • DestroyWindow.USER32(0001042C,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A248
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ErrorLast$CreateDestroyDirectoryLongRemove
                                                                                                            • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                                            • API String ID: 3757039580-3001827809
                                                                                                            • Opcode ID: 92d7a146f7fa7ea583be229cf1972f4387f7e731d45899e9009fd1a518b8a977
                                                                                                            • Instruction ID: f6a9afe5b3848034850d92184c83b7d566fc641e007638e18ad9d31f508a71de
                                                                                                            • Opcode Fuzzy Hash: 92d7a146f7fa7ea583be229cf1972f4387f7e731d45899e9009fd1a518b8a977
                                                                                                            • Instruction Fuzzy Hash: 3B411071600204DFD710EBA9EE86B9977A4EB45304F10467EF514B73E2C7B89811CB9D

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,00409C74), ref: 004090C4
                                                                                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090CA
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,00409C74), ref: 004090DE
                                                                                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090E4
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                                            • API String ID: 1646373207-2130885113
                                                                                                            • Opcode ID: acfb4439f313785c2c2b120c37d6defef782ad7ac64c67e7eba3e924cf2abd75
                                                                                                            • Instruction ID: 4a4222b704d734fa8d0781b40c04fe9f9c76e7b4f133337d95099c0c8a01123f
                                                                                                            • Opcode Fuzzy Hash: acfb4439f313785c2c2b120c37d6defef782ad7ac64c67e7eba3e924cf2abd75
                                                                                                            • Instruction Fuzzy Hash: 20017170748342AEFB00BB72DD4AB163A68E785704F50457BF5407A2D3DABD4C04DA6D

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A131
                                                                                                            • SetWindowLongA.USER32(0001042C,000000FC,00409918), ref: 0040A148
                                                                                                              • Part of subcall function 00406B7C: GetCommandLineA.KERNEL32(00000000,00406BC0,?,?,?,?,00000000,?,0040A1B9,?), ref: 00406B94
                                                                                                              • Part of subcall function 004099A4: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02152344,00409A90,00000000,00409A77), ref: 00409A14
                                                                                                              • Part of subcall function 004099A4: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02152344,00409A90,00000000), ref: 00409A28
                                                                                                              • Part of subcall function 004099A4: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A41
                                                                                                              • Part of subcall function 004099A4: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409A53
                                                                                                              • Part of subcall function 004099A4: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02152344,00409A90), ref: 00409A5C
                                                                                                            • RemoveDirectoryA.KERNEL32(00000000,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A234
                                                                                                            • DestroyWindow.USER32(0001042C,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A248
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                                                            • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                                                            • API String ID: 3586484885-3001827809
                                                                                                            • Opcode ID: a64027cc69530ce26e0d020b421cb23cd984c73ff13cd53596b8d38fe4c4ed4c
                                                                                                            • Instruction ID: bf8877be64b1eb53a955be5febe4cb156f3d413c702a3b20994545be7baf65d7
                                                                                                            • Opcode Fuzzy Hash: a64027cc69530ce26e0d020b421cb23cd984c73ff13cd53596b8d38fe4c4ed4c
                                                                                                            • Instruction Fuzzy Hash: 75411A71604204DFD714EBA9EE86B5A77A4EB49304F10427EE514B73E1CBB8A810CB9D

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02152344,00409A90,00000000,00409A77), ref: 00409A14
                                                                                                            • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02152344,00409A90,00000000), ref: 00409A28
                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A41
                                                                                                            • GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409A53
                                                                                                            • CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,02152344,00409A90), ref: 00409A5C
                                                                                                              • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B240,?,02152344), ref: 0040966C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                                                            • String ID: D
                                                                                                            • API String ID: 3356880605-2746444292
                                                                                                            • Opcode ID: 752074f715f169f8c9b0a2dfdb1d62babdf7ca20371da5ab86507c15e851728d
                                                                                                            • Instruction ID: 6ea97129cf5aa135a7f7046e3a99eae43c862e8aca722617c6144c18eae127a8
                                                                                                            • Opcode Fuzzy Hash: 752074f715f169f8c9b0a2dfdb1d62babdf7ca20371da5ab86507c15e851728d
                                                                                                            • Instruction Fuzzy Hash: 3A1142B17442486EDB10EBE68C42FAEB7ACEF49714F50017BB604F72C2DA785D048A69
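The three functions above describe the Inno Setup loader's hand-off to its child installer: CreateWindowExA creates a hidden STATIC window named InnoSetupLdrWindow, SetWindowLongA with index 000000FC (GWL_WNDPROC, -4 as an unsigned DWORD) installs 00409918 as that window's procedure, the command line is built from the strings `/SL5="$` and `%x,%d,%d,`, and CreateProcessA starts the child while MsgWaitForMultipleObjects waits on its handle and pumps messages to the window. The following is an added triage example for this report; it is not code from Joe Sandbox, from the sample, or from Inno Setup. It parses the `/SL5=` argument out of process-creation command lines and checks whether the child's actual parent is the loader the argument names. Assumptions not shown on the page: the argument continues with the loader's own path and a closing quote (this is how the switch appears in process telemetry), and the field names `loader_hwnd`, `offset0`, `offset1` and `loader_path` are this example's own. The sample events are constructed.

```python
"""Triage helper for the Inno Setup loader hand-off seen in this report.

Added example; not code from Joe Sandbox, the sample, or Inno Setup.
The report shows the format string '/SL5="$%x,%d,%d,' (hex window handle,
two decimal fields). The trailing loader path and closing quote, and the
field names below, are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# /SL5="$<loader HWND, hex>,<offset0>,<offset1>,<loader path>"
_SL5_RE = re.compile(r'/SL5="\$([0-9A-Fa-f]+),(\d+),(\d+),([^"]*)"')


@dataclass(frozen=True)
class SL5Handoff:
    loader_hwnd: int   # %x field: handle of the InnoSetupLdrWindow (0001042C in the report)
    offset0: int       # first %d field
    offset1: int       # second %d field
    loader_path: str   # trailing path (assumed format, not shown on the page)


def build_sl5(hwnd: int, offset0: int, offset1: int, loader_path: str) -> str:
    """Loader-side view: the report's format string plus the assumed tail."""
    return f'/SL5="${hwnd:x},{offset0},{offset1},{loader_path}"'


def parse_sl5(cmdline: str) -> Optional[SL5Handoff]:
    """Return the parsed hand-off, or None when there is no /SL5= switch."""
    m = _SL5_RE.search(cmdline)
    if m is None:
        return None
    return SL5Handoff(int(m.group(1), 16), int(m.group(2)), int(m.group(3)), m.group(4))


def flag_inno_children(events: List[Dict]) -> List[Dict]:
    """Pick out process-creation events whose command line carries /SL5=.

    For each hit, record whether the parent's image path equals the loader
    path embedded in the argument. A mismatch means the child was not
    started by the loader it names, which is worth a closer look.
    """
    image_by_pid = {e["pid"]: e["image"] for e in events}
    hits = []
    for e in events:
        handoff = parse_sl5(e["cmdline"])
        if handoff is None:
            continue
        parent_image = image_by_pid.get(e["ppid"], "")
        hits.append({
            "pid": e["pid"],
            "image": e["image"],
            "handoff": handoff,
            "parent_matches_loader_path":
                parent_image.casefold() == handoff.loader_path.casefold(),
        })
    return hits


# Constructed sample telemetry (not from the report): loader, its child, and noise.
LOADER = r"C:\Users\user\Desktop\Ni2ghr9eUJ.exe"
CHILD = r"C:\Users\user\AppData\Local\Temp\is-ABCDE.tmp\Ni2ghr9eUJ.tmp"
SAMPLE_EVENTS = [
    {"pid": 4120, "ppid": 3988, "image": LOADER, "cmdline": f'"{LOADER}"'},
    {"pid": 4188, "ppid": 4120, "image": CHILD,
     "cmdline": f'"{CHILD}" ' + build_sl5(0x1042C, 2599108, 780800, LOADER)},
    {"pid": 4200, "ppid": 3988, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for hit in flag_inno_children(SAMPLE_EVENTS):
        print(hit["pid"], hex(hit["handoff"].loader_hwnd),
              hit["handoff"].loader_path, hit["parent_matches_loader_path"])
```

The parent-path comparison is a heuristic, not an indicator of compromise on its own: a legitimate Inno Setup child always names the loader that spawned it, so a mismatch says only that the process tree does not look like a normal installer run.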

                                                                                                            Control-flow Graph

                                                                                                            Control-flow graph legend: Executed / Not Executed (block colouring is not preserved in this text export). Basic blocks and edges:
                                                                                                            • 136: 401918-40193a RtlInitializeCriticalSection → 137, 138
                                                                                                            • 138: 40193c-401941 RtlEnterCriticalSection → 137
                                                                                                            • 137: 401946-40197c call 4012dc (×3), LocalAlloc → 145, 146
                                                                                                            • 146: 40197e → 147
                                                                                                            • 147: 401983-401995 (loops to itself) → 147, 149
                                                                                                            • 149: 401997-4019a6 → 145
                                                                                                            • 145: 4019ad-4019c1 → 150, 151
                                                                                                            • 150: 4019c3-4019c8 RtlLeaveCriticalSection → 151
                                                                                                            • 151: 4019cd
                                                                                                            APIs
                                                                                                            • RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                                                                            • RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                                                                            • LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                            • String ID:
                                                                                                            • API String ID: 730355536-0
                                                                                                            • Opcode ID: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
                                                                                                            • Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
                                                                                                            • Opcode Fuzzy Hash: 38709c719971e1168baf9cdc3c67f999ad3db3ab521e9349fb3b390a12b3c6f3
                                                                                                            • Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409EAB
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message
                                                                                                            • String ID: .tmp$y@
                                                                                                            • API String ID: 2030045667-2396523267
                                                                                                            • Opcode ID: 025cb7c8070ceb0a973f57dc2423f3e96cefce6b80174f3a3145c26c436c6efd
                                                                                                            • Instruction ID: 436c98ae07f88f71ec52beeb6e72a39fdb1c754e3b127fd60db974180cd34f4e
                                                                                                            • Opcode Fuzzy Hash: 025cb7c8070ceb0a973f57dc2423f3e96cefce6b80174f3a3145c26c436c6efd
                                                                                                            • Instruction Fuzzy Hash: 7541AC30600200DFC715EF25DE96A5A77A5EB49304B50463AF804B73E2CBB9AC05CBAD

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409EAB
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message
                                                                                                            • String ID: .tmp$y@
                                                                                                            • API String ID: 2030045667-2396523267
                                                                                                            • Opcode ID: cf567291c84692d100e5ec609b282d55b3c5af0b5f3d357f2e8f357a6d06844b
                                                                                                            • Instruction ID: effdcd9541676c6323f3fad609c54d18bb0bf767b5f2530b550772909ae59cb2
                                                                                                            • Opcode Fuzzy Hash: cf567291c84692d100e5ec609b282d55b3c5af0b5f3d357f2e8f357a6d06844b
                                                                                                            • Instruction Fuzzy Hash: 1F418D70610204DFC715EF25DED6A5A77A5EB49308B50463AF804B73E2CBB9AC05CBAD

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409376
                                                                                                            • GetLastError.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040937F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                                            • String ID: .tmp
                                                                                                            • API String ID: 1375471231-2986845003
                                                                                                            • Opcode ID: 7ba2b511fbcbba0bdafc57409f78771f2ffb69bdc1885ec5b7c8c3418ce725e0
                                                                                                            • Instruction ID: 229665e4fb482f752e04f7b041ef1ce89d659938bfc828767b82506ffacbf3f4
                                                                                                            • Opcode Fuzzy Hash: 7ba2b511fbcbba0bdafc57409f78771f2ffb69bdc1885ec5b7c8c3418ce725e0
                                                                                                            • Instruction Fuzzy Hash: 7C213774A04208ABDB05EFA1C8429DFB7B9EF88304F50457BE901B73C2DA7C9E059A65

                                                                                                            Control-flow Graph

                                                                                                            Control-flow graph legend: Executed / Not Executed (block colouring is not preserved in this text export). Function body spans 4076dc-407917 over basic blocks 337-402; blocks with calls: 4076dc-4076e6 WriteFile, 4076e8-4076ea call 40748c, 4076f4-4076fb call 4073ec, 4078d6-4078eb call 407890 then InterlockedExchange (edge list omitted).
                                                                                                            APIs
                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3934441357-0
                                                                                                            • Opcode ID: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
                                                                                                            • Instruction ID: 20d0a63744b7af467993d3e8aec565234b7be2d060ba20bf9fd199bb98bd5a4e
                                                                                                            • Opcode Fuzzy Hash: 43d3196ec1ce5242573e8f450cfa6a0a1bc6604aabb0088ea34051851cbbaa4a
                                                                                                            • Instruction Fuzzy Hash: 8251D12294D2910FC7126B7849685A53FE0FE5331132E92FBC5C1AB1A3D27CA847D35B

Control-flow Graph

Control-flow graph of this function (34 basic blocks spanning 401fd4-402158; the report renders it as an image with blocks marked Executed or Not Executed). Block 401fe8 calls 401918; RtlEnterCriticalSection is called from block 402012-402017 and RtlLeaveCriticalSection from block 40213d-402142; further subcalls go to 402f54 (from blocks 4020a2-4020c6 and 4020ef-40211b) and 401ee0 (from block 40211d-40211f).
APIs
• RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00402148), ref: 00402017
  • Part of subcall function 00401918: RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
  • Part of subcall function 00401918: RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
  • Part of subcall function 00401918: LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
  • Part of subcall function 00401918: RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
Memory Dump Source
• Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
• String ID:
• API String ID: 296031713-0
• Opcode ID: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
• Instruction ID: b272be6629c35a549fc4f1c5a19e6e0df2414f51bb24a7fd7fb800939d1160d0
• Opcode Fuzzy Hash: e41243de7c80276a36dcdd2c2c0e451bb1a6f3055e5ddec7aea90b49354f7273
• Instruction Fuzzy Hash: D4419CB2A40711DFDB108F69DEC562A77A0FB58314B25837AD984B73E1D378A842CB48

Control-flow Graph

Control-flow graph of this function (a single basic block, 406fa0-406ff3, that calls SetErrorMode, then 403414, then LoadLibraryA; the report renders it as an image with blocks marked Executed or Not Executed).
APIs
• SetErrorMode.KERNEL32(00008000), ref: 00406FAA
• LoadLibraryA.KERNEL32(00000000,00000000,00406FF4,?,00000000,00407012,?,00008000), ref: 00406FD9
Memory Dump Source
• Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ErrorLibraryLoadMode
• String ID:
• API String ID: 2987862817-0
• Opcode ID: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
• Instruction ID: 292e1fc4e19851716b0ab93d2d43454b233f1d25ff8a05a0d03104374ea2dcbc
• Opcode Fuzzy Hash: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
• Instruction Fuzzy Hash: D6F08270A14704BEDB129FB68C5282ABBECEB4DB0475349BAF914A26D2E53C5C209568
APIs
• SetFilePointer.KERNEL32(?,?,?,00000000), ref: 0040768B
• GetLastError.KERNEL32(?,?,?,00000000), ref: 00407693
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021503AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ErrorLast$FilePointer
• String ID:
• API String ID: 1156039329-0
• Opcode ID: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
• Instruction ID: 64daf3b7b2b4cd691f255a674f922558070816022eb0a012369b73df1192a31e
• Opcode Fuzzy Hash: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
• Instruction Fuzzy Hash: B2E092766081016FD600D55EC881B9B37DCDFC5364F104536B654EB2D1D679EC108776

Control-flow Graph

Control-flow graph of this function (5 basic blocks spanning 40762c-40766a; the report renders it as an image with blocks marked Executed or Not Executed). ReadFile is called from block 40762c-40764a; the alternative path through block 40764c-407650 calls GetLastError (407652-40765a) and then 40748c (40765c-40765e) before reaching the exit block 407663-40766a.
APIs
• ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00407643
• GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00407652
Memory Dump Source
• Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ErrorFileLastRead
• String ID:
• API String ID: 1948546556-0
• Opcode ID: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
• Instruction ID: e2f452503b48da12a69c10a9d1416f2aa512a4714c212e67fea7d8588799396e
• Opcode Fuzzy Hash: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
• Instruction Fuzzy Hash: 69E012A1A081106ADB24A66E9CC5F6B6BDCCBC5724F14457BF504DB382D678DC0487BB
APIs
• SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004075DB
• GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004075E7
  • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021503AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
Memory Dump Source
• Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ErrorLast$FilePointer
• String ID:
• API String ID: 1156039329-0
• Opcode ID: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
• Instruction ID: 74cf86129294d2faf5969c20f66175129728110ffa3c668ef2bae8a95e28f18b
• Opcode Fuzzy Hash: 7730a1f6a5d1c383143cef2e1ec1cb69b5af0836910a757b2920ce96cbe13b7f
• Instruction Fuzzy Hash: C4E04FB1600210AFDB10EEB98D81B9676D89F48364F0485B6EA14DF2C6D274DC00C766
APIs
• VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
• VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486
Memory Dump Source
• Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Virtual$AllocFree
• String ID:
• API String ID: 2087232378-0
• Opcode ID: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
• Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
• Opcode Fuzzy Hash: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
• Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9
APIs
• GetSystemDefaultLCID.KERNEL32(00000000,004053B6), ref: 0040529F
  • Part of subcall function 00404CDC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404CF9
  • Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
Memory Dump Source
• Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: DefaultInfoLoadLocaleStringSystem
• String ID:
• API String ID: 1658689577-0
• Opcode ID: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
• Instruction ID: b95c725f163960c8622ba1b0af82130980b93a97e76f79286a035b518bc8de08
• Opcode Fuzzy Hash: ef449c44a2a61a26d18614e24c7ade2666283ce56a0d8fcdc2eeed56ad2c4646
• Instruction Fuzzy Hash: 90314F75E01509ABCB00DF95C8C19EEB379FF84304F158577E815BB286E739AE068B98
APIs
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
Memory Dump Source
• Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
• Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
• Opcode Fuzzy Hash: c8aa5b1e1f382d9b7ab40d46c96f796d669d4b8c7333918930cf1677525ebce7
• Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8
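The API listings above use Joe Sandbox's `Name.MODULE(slot,slot,...), ref: ADDR` notation with every argument as raw hex, which makes flag values such as `00008000` or `00000001` easy to misread. The following Python script is an added example, not part of this report or of Joe Sandbox's tooling: it parses those lines, separates real parameters from the trailing stack slots the sandbox dumps, decodes the Win32 flag constants from the SDK headers, and applies a simple triage rule. The sample input is copied from the listings on this page plus one constructed `VirtualAlloc` line (marked as such) that is not in the report; the parameter-count and flag tables are my own and cover only the APIs that appear here.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Joe Sandbox prints one line per API reference:  Name.MODULE(slot,slot,...), ref: ADDR
# The parenthesised list is a dump of stack slots at the call site, so it is usually longer
# than the API's parameter count; '?' marks a slot the sandbox could not resolve.
API_LINE = re.compile(
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]+)"
)
# Parameter counts from the Win32 prototypes of the APIs listed on this page (my table).
PARAM_COUNT = {
    "SetErrorMode": 1, "LoadLibraryA": 1, "VirtualAlloc": 4, "VirtualFree": 3,
    "CreateFileA": 7, "LocalAlloc": 2, "WriteFile": 5, "ReadFile": 5,
    "SetFilePointer": 4, "GetLastError": 0, "GetLocaleInfoA": 4, "GetSystemDefaultLCID": 0,
}
# (api, parameter index) -> flag bit names from the Windows SDK headers (my table).
FLAGS = {
    ("SetErrorMode", 0): {0x1: "SEM_FAILCRITICALERRORS", 0x2: "SEM_NOGPFAULTERRORBOX",
                          0x4: "SEM_NOALIGNMENTFAULTEXCEPT", 0x8000: "SEM_NOOPENFILEERRORBOX"},
    ("VirtualAlloc", 2): {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"},
    ("VirtualAlloc", 3): {0x1: "PAGE_NOACCESS", 0x2: "PAGE_READONLY", 0x4: "PAGE_READWRITE",
                          0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                          0x40: "PAGE_EXECUTE_READWRITE"},
    ("VirtualFree", 2): {0x4000: "MEM_DECOMMIT", 0x8000: "MEM_RELEASE"},
    ("CreateFileA", 5): {0x1: "FILE_ATTRIBUTE_READONLY", 0x2: "FILE_ATTRIBUTE_HIDDEN",
                         0x4: "FILE_ATTRIBUTE_SYSTEM", 0x80: "FILE_ATTRIBUTE_NORMAL"},
    ("LocalAlloc", 0): {0x2: "LMEM_MOVEABLE", 0x40: "LMEM_ZEROINIT"},
}
ZERO_NAMES = {("LocalAlloc", 0): "LMEM_FIXED"}  # zero values that carry their own name
EXEC_PAGES = {"PAGE_EXECUTE", "PAGE_EXECUTE_READ", "PAGE_EXECUTE_READWRITE"}

@dataclass
class ApiRef:
    api: str
    module: str
    ref: int
    params: List[Optional[int]]        # real parameters only; None where the report had '?'
    stack_tail: List[Optional[int]]    # the remaining dumped slots (the caller's frame)
    subcall_of: Optional[int] = None   # set for "Part of subcall function X" entries
    decoded: Dict[int, List[str]] = field(default_factory=dict)

def decode_flags(api: str, idx: int, value: int) -> Optional[List[str]]:
    """Split a hex argument into named bits; any unknown remainder is kept as hex."""
    table = FLAGS.get((api, idx))
    if table is None:
        return None
    if value == 0 and (api, idx) in ZERO_NAMES:
        return [ZERO_NAMES[(api, idx)]]
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(f"0x{rest:X}")
    return names

def parse_api_line(line: str) -> Optional[ApiRef]:
    m = API_LINE.search(line)
    if not m:
        return None
    slots = [None if s.strip() == "?" else int(s, 16)
             for s in m["args"].split(",") if s.strip()]
    n = PARAM_COUNT.get(m["api"], len(slots))
    ref = ApiRef(m["api"], m["mod"], int(m["ref"], 16), slots[:n], slots[n:],
                 int(m["sub"], 16) if m["sub"] else None)
    for i, v in enumerate(ref.params):
        names = decode_flags(ref.api, i, v) if v is not None else None
        if names:
            ref.decoded[i] = names
    return ref

def parse_report(text: str) -> List[ApiRef]:
    return [r for r in map(parse_api_line, text.splitlines()) if r is not None]

def triage(refs: List[ApiRef]) -> List[Tuple[int, str]]:
    """References an analyst checks first when looking for unpacking or file drops."""
    hits = []
    for r in refs:
        if r.api == "VirtualAlloc" and set(r.decoded.get(3, [])) & EXEC_PAGES:
            hits.append((r.ref, "allocates executable memory"))
        if r.api == "CreateFileA" and "FILE_ATTRIBUTE_HIDDEN" in r.decoded.get(5, []):
            hits.append((r.ref, "creates a hidden file"))
    return hits

# Sample input copied from the API listings on this page.
REPORT_LINES = """
• SetErrorMode.KERNEL32(00008000), ref: 00406FAA
• LoadLibraryA.KERNEL32(00000000,00000000,00406FF4,?,00000000,00407012,?,00008000), ref: 00406FD9
• VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
• VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486
• CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
  • Part of subcall function 00401918: LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
"""
# Constructed line, NOT from the report: what a commit-and-execute allocation by an
# unpacking stub would look like, so the triage rule has something to fire on.
CONSTRUCTED_LINE = "• VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000040), ref: 00000000"

if __name__ == "__main__":
    refs = parse_report(REPORT_LINES + CONSTRUCTED_LINE)
    for r in refs:
        print(f"{r.ref:08X} {r.api:<14} params={r.params} decoded={r.decoded}")
    print("triage:", triage(refs))
```

With the page's own values the decode gives VirtualAlloc(…, MEM_RESERVE, PAGE_NOACCESS) at 0040145F paired with VirtualFree(…, MEM_RELEASE) at 00401486, i.e. the function reserves and releases address space rather than committing executable pages, and SetErrorMode(SEM_NOOPENFILEERRORBOX) directly before LoadLibraryA at 00406FAA/00406FD9, which suppresses the dialog Windows would otherwise show for a missing DLL. Neither is evidence of unpacking on its own; the triage rule fires only on the constructed PAGE_EXECUTE_READWRITE line. The slot lists also show why the parameter-count split matters: the VirtualFree line repeats the VirtualAlloc arguments and the return address 00401739 after its own three parameters, so the tail is the caller's frame, not extra arguments.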
                                                                                                            • Opcode ID: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
                                                                                                            • Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
                                                                                                            • Opcode Fuzzy Hash: 3bd7282c13d8f152a8301508d2aa72b6e2817799d08f3caede8a9fdcd0036c45
                                                                                                            • Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8
                                                                                                            APIs
                                                                                                            • GetFileAttributesA.KERNEL32(00000000,00000000,00406A24,?,?,?,?,00000000,?,00406A39,00406D67,00000000,00406DAC,?,?,?), ref: 00406A07
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AttributesFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 3188754299-0
                                                                                                            • Opcode ID: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
                                                                                                            • Instruction ID: ccd219c895c276d3a4f2ed408fb3af00451e62210c6f1137e8185e88dac79a2a
                                                                                                            • Opcode Fuzzy Hash: 2f6b808c0a98facf9b4219f47e50352985dbcf5de86cc118cb6830f30f21a29b
                                                                                                            • Instruction Fuzzy Hash: A0E0ED30300304BBD301FBA6CC42E4ABBECDB8A708BA28476B400B2682D6786E108428
                                                                                                            APIs
                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                                                                              • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021503AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 442123175-0
                                                                                                            • Opcode ID: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
                                                                                                            • Instruction ID: d11fc940c1eb4d9ab9bd5ee1403c634941755763b259216c6d34bff68e3e8731
                                                                                                            • Opcode Fuzzy Hash: 8d2af3ab7a63a8387ab01b8eb17bee2761ee08039256abb6018552f25082062b
                                                                                                            • Instruction Fuzzy Hash: 6DE0ED766081106BD710A65AD880EAB67DCDFC5764F00407BF904DB291D574AC049676
                                                                                                            APIs
                                                                                                            • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00409127,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 004072A3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FormatMessage
                                                                                                            • String ID:
                                                                                                            • API String ID: 1306739567-0
                                                                                                            • Opcode ID: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
                                                                                                            • Instruction ID: 7b38442d06f496379890204edef453c821f476d6c52b93f329ea0e63e965d40b
                                                                                                            • Opcode Fuzzy Hash: 7ef42d69529baecca532a801bf1eab389dc79dba057db81877db687b261eaad4
                                                                                                            • Instruction Fuzzy Hash: 17E0D8A0B8830136F22414544C87B77220E47C0700F10807E7700ED3C6D6BEA906815F
                                                                                                            APIs
                                                                                                            • SetEndOfFile.KERNEL32(?,02168000,0040A08C,00000000), ref: 004076B3
                                                                                                              • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021503AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 734332943-0
                                                                                                            • Opcode ID: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
                                                                                                            • Instruction ID: f788b2e916ece263959a2b362e6cc5638f15ca068e5e6b6e193a7bb405067b9b
                                                                                                            • Opcode Fuzzy Hash: 3c9e02bda174eefd6a6752df40b73b0cbe28e66d981a9881f8e50d89b6fd2d40
                                                                                                            • Instruction Fuzzy Hash: BEC04CA1A1410047CB40A6BE89C1A1666D85A4821530485B6B908DB297D679E8004666
                                                                                                            APIs
                                                                                                            • SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorMode
                                                                                                            • String ID:
                                                                                                            • API String ID: 2340568224-0
                                                                                                            • Opcode ID: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
                                                                                                            • Instruction ID: c47f2f618e2971e07f5b1abb1c43dc6c143ad8b034d1ddbdae76011a93498253
                                                                                                            • Opcode Fuzzy Hash: 070e151ae7371931e812c23e1680e2574253ea8634671ff6451d3f815f7c1847
                                                                                                            • Instruction Fuzzy Hash: 54B09B76A1C2415DE705DAD5745153863D4D7C47143A14977F104D35C0D53DA4144519
                                                                                                            APIs
                                                                                                            • SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorMode
                                                                                                            • String ID:
                                                                                                            • API String ID: 2340568224-0
                                                                                                            • Opcode ID: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
                                                                                                            • Instruction ID: a55afa0689d716a84ca499c05243e055e04a08b2ab071a0afeb25d409e08decd
                                                                                                            • Opcode Fuzzy Hash: 258b7047379ce46b8540a294da6ad57472ce1849ceeb23a1b4b516eeda09cad2
                                                                                                            • Instruction Fuzzy Hash: FFA022A8C08000B2CE00E2E08080A3C23283A88308BC08BA2320CB20C0C03CE008020B
                                                                                                            APIs
                                                                                                            • CharPrevA.USER32(?,?,0040696C,?,00406649,?,?,00406D87,00000000,00406DAC,?,?,?,?,00000000,00000000), ref: 00406972
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CharPrev
                                                                                                            • String ID:
                                                                                                            • API String ID: 122130370-0
                                                                                                            • Opcode ID: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
                                                                                                            • Instruction ID: 57bb655d476c0b104ac503b4dc16dcc9cc7d9309af7e6782790f501f1b0aeff9
                                                                                                            • Opcode Fuzzy Hash: 4f55c7aa95ee0cc6def6f8b84b07f7a00b4eea213dcaa2411b48aa5a82a0c27b
                                                                                                            • Instruction Fuzzy Hash:
                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407FA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
                                                                                                            • Instruction ID: 1e7236936b067224bcb0a7c190bcfb18a105a15b1652d3161176e1d0ad605fa4
                                                                                                            • Opcode Fuzzy Hash: 636722d4ca057b68616df378e1b8a5bd7f337355b9f7c137ab23b8dc1cafdb71
                                                                                                            • Instruction Fuzzy Hash: 43116371A042059BDB00EF19C881B5B7794AF44359F05807AF958AB2C6DB38E800CBAA
                                                                                                            APIs
                                                                                                            • VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 1263568516-0
                                                                                                            • Opcode ID: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
                                                                                                            • Instruction ID: 63c8255cdd02620dd55efc6405714c3c0a63becca9b218cdeda95617091702f1
                                                                                                            • Opcode Fuzzy Hash: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
                                                                                                            • Instruction Fuzzy Hash: 3601A7726442148BC310AF28DDC093A77D5EB85364F1A4A7ED985B73A1D23B6C0587A8
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                                                                            • Instruction ID: e7ddd8f09f86228f97b62737e097d00c20d119481f2284b048c56b7aa048eabb
                                                                                                            • Opcode Fuzzy Hash: fc6098dcd6b1504a072b68d3feaaa537492281b052079d944a979dec092e75e7
                                                                                                            • Instruction Fuzzy Hash: 41D05E82B00A6017D615F2BE4D8869692D85F89685B08843AF654E77D1D67CEC00838D
                                                                                                            APIs
                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,00407E9D), ref: 00407ECF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 1263568516-0
                                                                                                            • Opcode ID: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                                                                            • Instruction ID: 622015b425f940adf6dc1d0f89e873b9c6d17cfe6f0c2733970da1323f12c917
                                                                                                            • Opcode Fuzzy Hash: c7bedad96efb848ea9f674ed311898bb29a23f2a16fc3a9de009753beeeb9dd9
                                                                                                            • Instruction Fuzzy Hash: 3ED0E9B17553055BDB90EEB98CC1B0237D8BB48610F5044B66904EB296E674E8009654
                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32(00000028), ref: 00409457
                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0040945D
                                                                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00409476
                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 0040949D
                                                                                                            • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004094A2
                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 004094B3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                            • String ID: SeShutdownPrivilege
                                                                                                            • API String ID: 107509674-3733053543
                                                                                                            • Opcode ID: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                                                                            • Instruction ID: 55e16e97e4c30333ef6e9d7cb44a764448f3c494fd9ead6bbbdf5d5bb2f9c1eb
                                                                                                            • Opcode Fuzzy Hash: 5d5c4cc2167cea31fe6e778ad900630fb502c4628614430f67a63468396a48bc
                                                                                                            • Instruction Fuzzy Hash: 61F012B069830179E610AAB18D07F6762885BC4B18F50493ABB15FA1C3D7BDD809466F
                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409BF6
                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 00409C09
                                                                                                            • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5,?,00000000), ref: 00409C1B
                                                                                                            • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5), ref: 00409C2C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindLoadLockSizeof
                                                                                                            • String ID:
                                                                                                            • API String ID: 3473537107-0
                                                                                                            • Opcode ID: ce7c2a79786de0a8682d58b31ceb4174bbddb2d24ae6ad16542ef9ae896a3e40
                                                                                                            • Instruction ID: ed04ed1443b666af2c347742ca0221af59beed1f1180006ed42e296f861e82c7
                                                                                                            • Opcode Fuzzy Hash: ce7c2a79786de0a8682d58b31ceb4174bbddb2d24ae6ad16542ef9ae896a3e40
                                                                                                            • Instruction Fuzzy Hash: ECE07EA0B483562AFA6076FB08C2B2A018C4BA671DF40003BB701B92C3DEBD8C14856E
                                                                                                            APIs
                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040545A,?,?,?,00000000,0040560C), ref: 0040526B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoLocale
                                                                                                            • String ID:
                                                                                                            • API String ID: 2299586839-0
                                                                                                            • Opcode ID: b79b605a6dbd2dbd76dc5df923bc970e8acc9169766131cf64cabc826e101d13
                                                                                                            • Instruction ID: 1db3d1c1bb6fab5f91442dea8a08a829cd161d84d3a7e1f0c2fe21aaaafd944f
                                                                                                            • Opcode Fuzzy Hash: b79b605a6dbd2dbd76dc5df923bc970e8acc9169766131cf64cabc826e101d13
                                                                                                            • Instruction Fuzzy Hash: 9ED02EA230E2006AE210808B2C84EBB4A9CCEC53A0F00007FF648C3242D2208C029B76
                                                                                                            APIs
                                                                                                            • GetSystemTime.KERNEL32(?), ref: 004026CE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: SystemTime
                                                                                                            • String ID:
                                                                                                            • API String ID: 2656138-0
                                                                                                            • Opcode ID: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                                                                                            • Instruction ID: 69442b1fa125f02c17f5f00667ba5619268a94e84ed87230136e9e38920861ba
                                                                                                            • Opcode Fuzzy Hash: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
                                                                                                            • Instruction Fuzzy Hash: 14E04F21E0010A82C704ABA5CD435EDF7AEAB95600B044272A418E92E0F631C251C748
                                                                                                            APIs
                                                                                                            • GetVersionExA.KERNEL32(?,004065F0,00000000,004065FE,?,?,?,?,?,00409C6A), ref: 00405D02
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Version
                                                                                                            • String ID:
                                                                                                            • API String ID: 1889659487-0
                                                                                                            • Opcode ID: 804cda8d473c4c61bcc63f12479ba9190822d5c554409fc9a119c77cb0a2aa37
                                                                                                            • Instruction ID: 4c33b40dd65743d8d98a5ffd827b1eb297e5dd4f71424004bfe2d5ab9b26ea54
                                                                                                            • Opcode Fuzzy Hash: 804cda8d473c4c61bcc63f12479ba9190822d5c554409fc9a119c77cb0a2aa37
                                                                                                            • Instruction Fuzzy Hash: 00C0126040070186D7109B31DC02B1672D4AB44310F4405396DA4963C2E73C80018A6E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                                                                                            • Instruction ID: 7dc6dc86846b3232beed044054ddb30c9891ac2fec336679fba6e94018ae2b4c
                                                                                                            • Opcode Fuzzy Hash: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
                                                                                                            • Instruction Fuzzy Hash: C032D775E00219DFCB14CF99CA80AADB7B2BF88314F24816AD855B7385DB34AE42CF55
                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,004098D0), ref: 0040704D
                                                                                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407053
                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,004098D0), ref: 004070A1
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressCloseHandleModuleProc
                                                                                                            • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                                                            • API String ID: 4190037839-2401316094
                                                                                                            • Opcode ID: 84283e8ecd5f01446eeee6c4ca3ac4597d6d061694d9d4138b3ca6e7d0b19e25
                                                                                                            • Instruction ID: c068e7fb85b52830e378cef5638f1cf195f9e270113e5aa630163df598a56aa7
                                                                                                            • Opcode Fuzzy Hash: 84283e8ecd5f01446eeee6c4ca3ac4597d6d061694d9d4138b3ca6e7d0b19e25
                                                                                                            • Instruction Fuzzy Hash: 72214170E04209ABDB10EAB5CC55A9E77A9EB48304F60847BA510FB3C1D7BCAE01875E
                                                                                                            APIs
                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
                                                                                                            • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
                                                                                                            • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
                                                                                                            • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
                                                                                                            • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
                                                                                                            • GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
                                                                                                            • GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
                                                                                                            • CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
                                                                                                            • GetLastError.KERNEL32(000000F5), ref: 00403C1E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                            • String ID:
                                                                                                            • API String ID: 1694776339-0
                                                                                                            • Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                                                                                            • Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
                                                                                                            • Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
                                                                                                            • Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D
                                                                                                            APIs
                                                                                                            • GetSystemDefaultLCID.KERNEL32(00000000,0040560C,?,?,?,?,00000000,00000000,00000000,?,004065EB,00000000,004065FE), ref: 004053DE
                                                                                                              • Part of subcall function 0040520C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052D7,?,00000000,004053B6), ref: 0040522A
                                                                                                              • Part of subcall function 00405258: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040545A,?,?,?,00000000,0040560C), ref: 0040526B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoLocale$DefaultSystem
                                                                                                            • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                                                            • API String ID: 1044490935-665933166
                                                                                                            • Opcode ID: 2becd82198b95216644133442ecc563e5ef80f5327bc31795fb041598c227e39
                                                                                                            • Instruction ID: cc137df54ae1fcbb63b87987e69a719e9c27c4b31815d0debc5c9b1d2781c89a
                                                                                                            • Opcode Fuzzy Hash: 2becd82198b95216644133442ecc563e5ef80f5327bc31795fb041598c227e39
                                                                                                            • Instruction Fuzzy Hash: F8515374B00548ABDB00EBA59891A5F7769DB88304F50D5BBB515BB3C6CA3DCA058F1C
                                                                                                            APIs
                                                                                                            • RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
                                                                                                            • LocalFree.KERNEL32(004DC4F0,00000000,00401AB4), ref: 00401A1B
                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,004DC4F0,00000000,00401AB4), ref: 00401A3A
                                                                                                            • LocalFree.KERNEL32(004DD4F0,?,00000000,00008000,004DC4F0,00000000,00401AB4), ref: 00401A79
                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
                                                                                                            • RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 3782394904-0
                                                                                                            • Opcode ID: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
                                                                                                            • Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
                                                                                                            • Opcode Fuzzy Hash: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
                                                                                                            • Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D
                                                                                                            APIs
                                                                                                            • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
                                                                                                            • ExitProcess.KERNEL32 ref: 00403DE5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExitMessageProcess
                                                                                                            • String ID: Error$Runtime error at 00000000$9@
                                                                                                            • API String ID: 1220098344-1503883590
                                                                                                            • Opcode ID: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
                                                                                                            • Instruction ID: db3008c0e6bc5d60e05df0545d3e9f81ce91e923819fa2a9fb93000da4b6b716
                                                                                                            • Opcode Fuzzy Hash: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
                                                                                                            • Instruction Fuzzy Hash: B521F830A04341CAE714EFA59AD17153E98AB49349F04837BD500B73E3C77C8A45C76E
                                                                                                            APIs
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
                                                                                                            • SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
                                                                                                            • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide$AllocString
                                                                                                            • String ID:
                                                                                                            • API String ID: 262959230-0
                                                                                                            • Opcode ID: 759139aa8138bb4f1b890a81a570935fc2f09484a8ccbcda4eb7e9d11bc9ffe5
                                                                                                            • Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
                                                                                                            • Opcode Fuzzy Hash: 759139aa8138bb4f1b890a81a570935fc2f09484a8ccbcda4eb7e9d11bc9ffe5
                                                                                                            • Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD
                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(00000000,00409C56), ref: 004030E3
                                                                                                            • GetCommandLineA.KERNEL32(00000000,00409C56), ref: 004030EE
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CommandHandleLineModule
                                                                                                            • String ID: U1hd.@$h'L
                                                                                                            • API String ID: 2123368496-870312524
                                                                                                            • Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                                                                            • Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
                                                                                                            • Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                                                                            • Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD
                                                                                                            APIs
                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000,004098D0,00000000), ref: 00406E4C
                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,70000000,?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000), ref: 00406EBC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: QueryValue
                                                                                                            • String ID: )q@
                                                                                                            • API String ID: 3660427363-2284170586
                                                                                                            • Opcode ID: 32d2d681139902fa63b50b1e86c1c6042aee641263ad409bd5d16b68eaa8278f
                                                                                                            • Instruction ID: 22a93fbabe645b78fd14ced98f65bd4bcb22fe3fd6f8222f7fa8e6a3c98f8dfc
                                                                                                            • Opcode Fuzzy Hash: 32d2d681139902fa63b50b1e86c1c6042aee641263ad409bd5d16b68eaa8278f
                                                                                                            • Instruction Fuzzy Hash: E6415E31D0021AAFDB21DF95C881BAFB7B8EB04704F56447AE901F7280D738AF108B99
                                                                                                            APIs
                                                                                                            • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 004094F7
                                                                                                            • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 00409507
                                                                                                            • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 0040951A
                                                                                                            • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 00409524
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.3476026099.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.3475980242.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476133920.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.3476214841.0000000000411000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLastSleep
                                                                                                            • String ID:
                                                                                                            • API String ID: 1458359878-0
                                                                                                            • Opcode ID: 597fcf42490b874720d4ad81cf19761f51130dad350fd41d24dc31ad960abd38
                                                                                                            • Instruction ID: cd4a420f7ace5638a97e0bdb8a1e9fccbb234b9240edd4770f97938e6011a3cc
                                                                                                            • Opcode Fuzzy Hash: 597fcf42490b874720d4ad81cf19761f51130dad350fd41d24dc31ad960abd38
                                                                                                            • Instruction Fuzzy Hash: 16F0967360451477CA35A5AF9D81A5F634DDAD1354B10813BE945F3283C538DD0142A9

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:16%
                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                            Signature Coverage:4.6%
                                                                                                            Total number of Nodes:2000
                                                                                                            Total number of Limit Nodes:80
50264->50247 50579 46c298 50268->50579 50271 46b6c6 50272 403420 4 API calls 50271->50272 50274 46b6e0 50272->50274 50276 403400 4 API calls 50274->50276 50275 46b592 50301 46b6b2 50275->50301 50586 455f84 27 API calls 50275->50586 50278 46b6e8 50276->50278 50277 403450 18 API calls 50277->50271 50280 403400 4 API calls 50278->50280 50281 46b6f0 50280->50281 50281->50215 50283 46b615 50283->50271 50297 46b675 50283->50297 50596 42cd48 50283->50596 50284 46b5b0 50284->50283 50587 466474 50284->50587 50287 42cd48 21 API calls 50290 46b68b 50287->50290 50295 451458 18 API calls 50290->50295 50290->50301 50291 466474 33 API calls 50293 46b5f0 50291->50293 50591 451428 50293->50591 50298 46b6a2 50295->50298 50297->50271 50297->50287 50297->50301 50603 47eab4 56 API calls 50298->50603 50301->50271 50301->50277 50304 468a24 33 API calls 50303->50304 50305 468af7 50304->50305 50305->50231 50309 468a53 50306->50309 50307 4078f4 33 API calls 50308 468a8c 50307->50308 50870 453344 18 API calls 50308->50870 50309->50307 50311 468a94 50309->50311 50312 403400 4 API calls 50311->50312 50313 468aac 50312->50313 50313->50242 50315 46ab54 50314->50315 50316 46ab59 50314->50316 50317 46ab57 50315->50317 50871 46a5b4 50315->50871 50956 4698f4 60 API calls 50316->50956 50317->50242 50319 46ab61 50319->50242 50322 403400 4 API calls 50321->50322 50323 469dbe 50322->50323 51333 47d7f0 50323->51333 50325 469e21 50326 469e25 50325->50326 50327 469e3e 50325->50327 51340 466674 50326->51340 50329 469e2f 50327->50329 51343 494800 18 API calls 50327->51343 50330 46a0d2 50329->50330 50332 469f5d 50329->50332 50333 469fc8 50329->50333 50334 403420 4 API calls 50330->50334 50337 403494 4 API calls 50332->50337 50338 403494 4 API calls 50333->50338 50339 46a0fc 50334->50339 50335 469e5a 50335->50329 50336 469e62 50335->50336 50340 46addc 37 API calls 50336->50340 50341 469f6a 50337->50341 50342 469fd5 50338->50342 50339->50249 50349 469e6f 50340->50349 50343 40357c 18 API calls 50341->50343 50344 
40357c 18 API calls 50342->50344 50345 469f77 50343->50345 50346 469fe2 50344->50346 50347 40357c 18 API calls 50345->50347 50348 40357c 18 API calls 50346->50348 50350 469f84 50347->50350 50351 469fef 50348->50351 50354 469eb0 50349->50354 50355 469e98 SetActiveWindow 50349->50355 50352 40357c 18 API calls 50350->50352 50353 40357c 18 API calls 50351->50353 50356 469f91 50352->50356 50357 469ffc 50353->50357 51344 42f560 50354->51344 50355->50354 50359 466674 34 API calls 50356->50359 50358 40357c 18 API calls 50357->50358 50361 46a00a 50358->50361 50360 469f9f 50359->50360 50362 40357c 18 API calls 50360->50362 50363 414b18 18 API calls 50361->50363 50365 469fa8 50362->50365 50366 469fc6 50363->50366 50368 40357c 18 API calls 50365->50368 51361 4669ac 50366->51361 50371 469fb5 50368->50371 50373 414b18 18 API calls 50371->50373 50372 469f01 50374 46ac58 35 API calls 50372->50374 50373->50366 50375 469f33 50374->50375 50375->50249 50384 403454 50382->50384 50386 403464 50382->50386 50383 403490 50383->50252 50383->50253 50385 4034bc 18 API calls 50384->50385 50384->50386 50385->50386 50386->50383 50387 402660 4 API calls 50386->50387 50387->50383 50389 468ae8 33 API calls 50388->50389 50390 46adf4 50389->50390 50391 46ae16 50390->50391 50392 465140 21 API calls 50390->50392 51557 465140 50391->51557 50392->50391 50396 46ae2e 50397 46ac58 35 API calls 50396->50397 50398 46ae66 50397->50398 50399 414b18 18 API calls 50398->50399 50400 46ae7a 50399->50400 50401 46ae86 50400->50401 50402 46aeb0 50400->50402 50403 414b18 18 API calls 50401->50403 50405 46aecf 50402->50405 50406 46aef9 50402->50406 50404 46ae9a 50403->50404 50408 414b18 18 API calls 50404->50408 50409 414b18 18 API calls 50405->50409 50407 414b18 18 API calls 50406->50407 50410 46af0d 50407->50410 50411 46aeae 50408->50411 50412 46aee3 50409->50412 50413 414b18 18 API calls 50410->50413 51574 46ab70 50411->51574 50414 414b18 18 API calls 50412->50414 50413->50411 50414->50411 50466 46c298 62 API calls 
50465->50466 50467 482bab 50466->50467 50468 482bb4 50467->50468 51840 408be0 19 API calls 50467->51840 50470 414ae8 18 API calls 50468->50470 50471 482bc4 50470->50471 50472 403450 18 API calls 50471->50472 50473 482bd1 50472->50473 51642 46c5f0 50473->51642 50476 482be1 50478 414ae8 18 API calls 50476->50478 50479 482bf1 50478->50479 50480 403450 18 API calls 50479->50480 50481 482bfe 50480->50481 50482 4696dc SendMessageA 50481->50482 50483 482c17 50482->50483 50484 482c68 50483->50484 51842 47993c 37 API calls 50483->51842 51671 4241dc IsIconic 50484->51671 50488 482c98 51679 481f98 50488->51679 50489 482c83 SetActiveWindow 50489->50488 50538->50229 50539->50215 50540->50215 50541->50215 53513 43d9c8 50542->53513 50545 49493c 53518 431bd0 50545->53518 50546 4949c2 50547 4949d1 50546->50547 53551 494138 18 API calls 50546->53551 50547->50242 50556 494986 53549 4941cc 18 API calls 50556->53549 50558 49499a 53550 433dd0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50558->53550 50560 4949ba 50560->50242 50561->50237 50563 457d91 50562->50563 50564 457db1 50563->50564 50565 4078f4 33 API calls 50563->50565 50567 403400 4 API calls 50564->50567 50566 457da9 50565->50566 50568 457b60 38 API calls 50566->50568 50569 457dc6 50567->50569 50568->50564 50569->50257 50578->50242 50604 46c330 50579->50604 50582 414ae8 50583 414af6 50582->50583 50584 4034e0 18 API calls 50583->50584 50585 414b03 50584->50585 50585->50275 50586->50284 50588 46648e 50587->50588 50821 4078f4 50588->50821 50864 42cccc 50596->50864 50599 451458 50600 451428 18 API calls 50599->50600 50601 451474 50600->50601 50602 47eab4 56 API calls 50601->50602 50602->50297 50603->50301 50605 414ae8 18 API calls 50604->50605 50606 46c364 50605->50606 50665 46670c 50606->50665 50610 46c376 50611 46c385 50610->50611 50614 46c39e 50610->50614 50734 47eab4 56 API calls 50611->50734 50613 46c399 50615 403420 4 API calls 50613->50615 50617 46c3e5 50614->50617 50618 46c3cc 50614->50618 50616 46b576 50615->50616 
50616->50271 50616->50582 50619 46c44a 50617->50619 50632 46c3e9 50617->50632 50735 47eab4 56 API calls 50618->50735 50737 42cb4c CharNextA 50619->50737 50622 46c459 50623 46c45d 50622->50623 50626 46c476 50622->50626 50738 47eab4 56 API calls 50623->50738 50625 46c431 50736 47eab4 56 API calls 50625->50736 50627 46c49a 50626->50627 50679 46687c 50626->50679 50739 47eab4 56 API calls 50627->50739 50632->50625 50632->50626 50635 46c4b3 50687 403778 50635->50687 50640 46c4da 50740 466908 18 API calls 50640->50740 50641 46c50b 50698 42c8cc 50641->50698 50644 46c4ed 50646 451458 18 API calls 50644->50646 50648 46c4fa 50646->50648 50741 47eab4 56 API calls 50648->50741 50670 466726 50665->50670 50667 42cbc0 20 API calls 50667->50670 50668 403450 18 API calls 50668->50670 50669 406bb0 18 API calls 50669->50670 50670->50667 50670->50668 50670->50669 50671 46676f 50670->50671 50744 42caac 50670->50744 50672 403420 4 API calls 50671->50672 50673 466789 50672->50673 50674 414b18 50673->50674 50675 414ae8 18 API calls 50674->50675 50676 414b3c 50675->50676 50677 403400 4 API calls 50676->50677 50678 414b6d 50677->50678 50678->50610 50680 466886 50679->50680 50681 466899 50680->50681 50774 42cb3c CharNextA 50680->50774 50681->50627 50683 4668ac 50681->50683 50685 4668b6 50683->50685 50684 4668e3 50684->50627 50684->50635 50685->50684 50775 42cb3c CharNextA 50685->50775 50688 4037aa 50687->50688 50690 40377d 50687->50690 50689 403400 4 API calls 50688->50689 50693 4037a0 50689->50693 50690->50688 50691 403791 50690->50691 50692 4034e0 18 API calls 50691->50692 50692->50693 50694 42c99c 50693->50694 50695 42c9f5 50694->50695 50696 42c9b2 50694->50696 50695->50640 50695->50641 50696->50695 50776 42cb3c CharNextA 50696->50776 50777 42c674 50698->50777 50701 42c8e0 50703 403400 4 API calls 50701->50703 50702 42c8e9 50734->50613 50735->50613 50736->50613 50737->50622 50738->50613 50739->50613 50740->50644 50741->50613 50745 403494 4 API calls 50744->50745 50746 42cabc 50745->50746 
50751 42caf2 50746->50751 50753 403744 50746->50753 50757 42c444 IsDBCSLeadByte 50746->50757 50749 42cb36 50749->50670 50751->50749 50758 4037b8 50751->50758 50763 42c444 IsDBCSLeadByte 50751->50763 50754 40374a 50753->50754 50756 40375b 50753->50756 50755 4034bc 18 API calls 50754->50755 50754->50756 50755->50756 50756->50746 50757->50746 50759 403744 18 API calls 50758->50759 50761 4037c6 50759->50761 50760 4037fc 50760->50751 50761->50760 50764 4038a4 50761->50764 50763->50751 50765 4038b1 50764->50765 50772 4038e1 50764->50772 50767 4038da 50765->50767 50769 4038bd 50765->50769 50766 403400 4 API calls 50768 4038cb 50766->50768 50770 4034bc 18 API calls 50767->50770 50768->50760 50773 402678 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50769->50773 50770->50772 50772->50766 50773->50768 50774->50680 50775->50685 50776->50696 50780 42c67c 50777->50780 50779 42c67b 50779->50701 50779->50702 50783 42c68d 50780->50783 50781 42c6f1 50784 42c6ec 50781->50784 50788 42c444 IsDBCSLeadByte 50781->50788 50783->50781 50786 42c6ab 50783->50786 50784->50779 50786->50784 50787 42c444 IsDBCSLeadByte 50786->50787 50787->50786 50788->50784 50824 407908 50821->50824 50825 407925 50824->50825 50832 4075b8 50825->50832 50828 407951 50830 4034e0 18 API calls 50828->50830 50831 407903 50830->50831 50831->50291 50834 4075d3 50832->50834 50833 4075e5 50833->50828 50837 4069a0 19 API calls 50833->50837 50834->50833 50838 4076da 33 API calls 50834->50838 50839 4075ac LocalAlloc TlsSetValue TlsGetValue TlsGetValue 50834->50839 50837->50828 50838->50834 50839->50834 50865 42cbc0 20 API calls 50864->50865 50866 42ccee 50865->50866 50867 42ccf6 GetFileAttributesA 50866->50867 50868 403400 4 API calls 50867->50868 50869 42cd13 50868->50869 50869->50297 50869->50599 50870->50311 50873 46a5fb 50871->50873 50872 46aa73 50874 46aa8e 50872->50874 50875 46aabf 50872->50875 50873->50872 50876 46a6b6 50873->50876 50879 403494 4 API calls 50873->50879 50878 403494 4 API calls 50874->50878 50880 
403494 4 API calls 50875->50880 50877 46a6d7 50876->50877 50881 46a718 50876->50881 50882 403494 4 API calls 50877->50882 50883 46aa9c 50878->50883 50884 46a63a 50879->50884 50885 46aacd 50880->50885 50889 403400 4 API calls 50881->50889 50886 46a6e5 50882->50886 50983 468fd0 26 API calls 50883->50983 50888 414ae8 18 API calls 50884->50888 50984 468fd0 26 API calls 50885->50984 50891 414ae8 18 API calls 50886->50891 50893 46a65b 50888->50893 50894 46a716 50889->50894 50896 46a706 50891->50896 50892 46aaaa 50895 403400 4 API calls 50892->50895 50957 403634 50893->50957 50914 46a7fc 50894->50914 50963 4696dc 50894->50963 50899 46aaf0 50895->50899 50901 403634 18 API calls 50896->50901 50905 403400 4 API calls 50899->50905 50900 46a884 50903 403400 4 API calls 50900->50903 50901->50894 50907 46a882 50903->50907 50904 46a738 50908 46a776 50904->50908 50909 46a73e 50904->50909 50910 46aaf8 50905->50910 50978 469b18 57 API calls 50907->50978 50915 403400 4 API calls 50908->50915 50912 403494 4 API calls 50909->50912 50913 403420 4 API calls 50910->50913 50916 46a74c 50912->50916 50917 46ab05 50913->50917 50914->50900 50918 46a843 50914->50918 50919 46a774 50915->50919 50969 47bd90 50916->50969 50917->50317 50924 403494 4 API calls 50918->50924 50972 4699d0 50919->50972 50928 46a851 50924->50928 50926 46a8ad 50934 46a90e 50926->50934 50935 46a8b8 50926->50935 50927 46a764 50929 403634 18 API calls 50927->50929 50930 414ae8 18 API calls 50928->50930 50929->50919 50932 46a872 50930->50932 50936 403634 18 API calls 50932->50936 50933 46a79d 50939 46a7fe 50933->50939 50940 46a7a8 50933->50940 50937 403400 4 API calls 50934->50937 50938 403494 4 API calls 50935->50938 50936->50907 50941 46a916 50937->50941 50946 46a8c6 50938->50946 50943 403400 4 API calls 50939->50943 50942 403494 4 API calls 50940->50942 50944 46a90c 50941->50944 50955 46a9bf 50941->50955 50948 46a7b6 50942->50948 50943->50914 50944->50941 50979 494800 18 API calls 50944->50979 50946->50941 50946->50944 
50949 403634 18 API calls 50946->50949 50947 46a939 50947->50955 50980 494aac 32 API calls 50947->50980 50948->50914 50951 403634 18 API calls 50948->50951 50949->50946 50951->50948 50953 46aa60 50982 429144 SendMessageA SendMessageA 50953->50982 50981 4290f4 SendMessageA 50955->50981 50956->50319 50958 40363c 50957->50958 50959 4034bc 18 API calls 50958->50959 50960 40364f 50959->50960 50961 403450 18 API calls 50960->50961 50962 403677 50961->50962 50985 42a040 SendMessageA 50963->50985 50965 4696eb 50966 46970b 50965->50966 50986 42a040 SendMessageA 50965->50986 50966->50904 50968 4696fb 50968->50904 50987 47bdb0 50969->50987 50976 4699fd 50972->50976 50973 469a5f 50974 403400 4 API calls 50973->50974 50975 469a74 50974->50975 50975->50933 50976->50973 51332 469954 57 API calls 50976->51332 50978->50926 50979->50947 50980->50955 50981->50953 50982->50872 50983->50892 50984->50892 50985->50965 50986->50968 50988 403494 4 API calls 50987->50988 50989 47bde3 50988->50989 50990 47bee8 50989->50990 50994 403778 18 API calls 50989->50994 50998 4037b8 18 API calls 50989->50998 50999 47ac24 50989->50999 51243 453344 18 API calls 50989->51243 51244 403800 50989->51244 51248 42c97c CharPrevA 50989->51248 50991 403420 4 API calls 50990->50991 50992 47bdab 50991->50992 50992->50927 50994->50989 50998->50989 51000 47ac76 50999->51000 51003 47ac54 50999->51003 51001 47ac96 51000->51001 51002 47ac84 51000->51002 51006 47aca4 51001->51006 51007 47acf9 51001->51007 51004 403494 4 API calls 51002->51004 51003->51000 51253 479b54 33 API calls 51003->51253 51096 47ac91 51004->51096 51009 47acd3 51006->51009 51010 47acad 51006->51010 51017 47ad07 51007->51017 51018 47ad1a 51007->51018 51008 403400 4 API calls 51012 47b61c 51008->51012 51011 47ace6 51009->51011 51255 453344 18 API calls 51009->51255 51013 47acc0 51010->51013 51254 453344 18 API calls 51010->51254 51015 403494 4 API calls 51011->51015 51016 403400 4 API calls 51012->51016 51020 403494 4 API calls 51013->51020 
51015->51096 51021 47b624 51016->51021 51022 403494 4 API calls 51017->51022 51023 47ad3b 51018->51023 51024 47ad28 51018->51024 51020->51096 51021->50989 51022->51096 51026 47ad8b 51023->51026 51027 47ad49 51023->51027 51025 403494 4 API calls 51024->51025 51025->51096 51032 47adac 51026->51032 51033 47ad99 51026->51033 51028 47ad65 51027->51028 51029 47ad52 51027->51029 51031 47ad78 51028->51031 51256 453344 18 API calls 51028->51256 51030 403494 4 API calls 51029->51030 51030->51096 51035 403494 4 API calls 51031->51035 51037 47adcd 51032->51037 51038 47adba 51032->51038 51036 403494 4 API calls 51033->51036 51035->51096 51036->51096 51040 47adee 51037->51040 51041 47addb 51037->51041 51039 403494 4 API calls 51038->51039 51039->51096 51043 47ae0f 51040->51043 51044 47adfc 51040->51044 51042 403494 4 API calls 51041->51042 51042->51096 51046 47ae1d 51043->51046 51047 47ae4b 51043->51047 51045 403494 4 API calls 51044->51045 51045->51096 51048 47ae26 51046->51048 51049 47ae39 51046->51049 51052 47ae59 51047->51052 51053 47ae88 51047->51053 51050 403494 4 API calls 51048->51050 51051 47bd90 57 API calls 51049->51051 51050->51096 51051->51096 51054 47ae75 51052->51054 51055 47ae62 51052->51055 51058 47ae96 51053->51058 51059 47aec4 51053->51059 51057 403494 4 API calls 51054->51057 51056 403494 4 API calls 51055->51056 51056->51096 51057->51096 51060 47aeb2 51058->51060 51061 47ae9f 51058->51061 51064 47aed2 51059->51064 51065 47af01 51059->51065 51063 47bd90 57 API calls 51060->51063 51062 403494 4 API calls 51061->51062 51062->51096 51063->51096 51066 47aeee 51064->51066 51067 47aedb 51064->51067 51070 47af22 51065->51070 51071 47af0f 51065->51071 51069 403494 4 API calls 51066->51069 51068 403494 4 API calls 51067->51068 51068->51096 51069->51096 51073 47af43 51070->51073 51074 47af30 51070->51074 51072 403494 4 API calls 51071->51072 51072->51096 51076 47af51 51073->51076 51077 47af7c 51073->51077 51075 403494 4 API calls 51074->51075 51075->51096 51096->51008 
51243->50989 51245 403804 51244->51245 51247 40382f 51244->51247 51246 4038a4 18 API calls 51245->51246 51246->51247 51247->50989 51248->50989 51253->51003 51254->51013 51255->51011 51256->51031 51332->50976 51334 47d809 51333->51334 51337 47d846 51333->51337 51365 455d0c 51334->51365 51337->50325 51339 47d85d 51339->50325 51484 466588 51340->51484 51343->50335 51345 42f56c 51344->51345 51346 42f58f GetActiveWindow GetFocus 51345->51346 51347 41eea4 2 API calls 51346->51347 51348 42f5a6 51347->51348 51349 42f5c3 51348->51349 51350 42f5b3 RegisterClassA 51348->51350 51351 42f652 SetFocus 51349->51351 51352 42f5d1 CreateWindowExA 51349->51352 51350->51349 51353 403400 4 API calls 51351->51353 51352->51351 51354 42f604 51352->51354 51355 42f66e 51353->51355 51515 42427c 51354->51515 51360 494aac 32 API calls 51355->51360 51357 42f62c 51358 42f634 CreateWindowExA 51357->51358 51358->51351 51359 42f64a ShowWindow 51358->51359 51359->51351 51360->50372 51521 44b514 51361->51521 51366 455d1d 51365->51366 51367 455d21 51366->51367 51368 455d2a 51366->51368 51391 455a10 51367->51391 51399 455af0 43 API calls 51368->51399 51371 455d27 51371->51337 51372 47d460 51371->51372 51378 47d55c 51372->51378 51381 47d4a0 51372->51381 51373 47d4ff 51374 403420 4 API calls 51373->51374 51375 47d63f 51374->51375 51375->51339 51378->51373 51383 47d5ad 51378->51383 51454 479150 51378->51454 51380 47bd90 57 API calls 51380->51383 51381->51373 51381->51378 51382 47bd90 57 API calls 51381->51382 51389 47d508 51381->51389 51428 479290 51381->51428 51439 4793f4 51381->51439 51382->51381 51383->51378 51383->51380 51385 454100 34 API calls 51383->51385 51387 47d549 51383->51387 51384 47bd90 57 API calls 51384->51389 51385->51383 51387->51373 51389->51381 51389->51384 51389->51387 51443 42c92c 51389->51443 51448 42c954 51389->51448 51453 47d16c 66 API calls 51389->51453 51400 42de1c 51391->51400 51393 455a2d 51394 455a7b 51393->51394 51403 455944 51393->51403 51394->51371 51397 455944 20 API calls 
51398 455a5c RegCloseKey 51397->51398 51398->51371 51399->51371 51401 42de27 51400->51401 51402 42de2d RegOpenKeyExA 51400->51402 51401->51402 51402->51393 51408 42dd58 51403->51408 51405 403420 4 API calls 51406 4559f6 51405->51406 51406->51397 51407 45596c 51407->51405 51411 42dc00 51408->51411 51412 42dc26 RegQueryValueExA 51411->51412 51417 42dc49 51412->51417 51427 42dc6b 51412->51427 51413 403400 4 API calls 51415 42dd37 51413->51415 51414 42dc63 51416 403400 4 API calls 51414->51416 51415->51407 51416->51427 51417->51414 51418 4034e0 18 API calls 51417->51418 51419 403744 18 API calls 51417->51419 51417->51427 51418->51417 51420 42dca0 RegQueryValueExA 51419->51420 51420->51412 51422 42dcbc 51420->51422 51421 4038a4 18 API calls 51423 42dcfe 51421->51423 51422->51421 51422->51427 51424 42dd10 51423->51424 51426 403744 18 API calls 51423->51426 51425 403450 18 API calls 51424->51425 51425->51427 51426->51424 51427->51413 51429 4792a6 51428->51429 51430 4792a2 51428->51430 51431 403450 18 API calls 51429->51431 51430->51381 51432 4792b3 51431->51432 51433 4792d3 51432->51433 51434 4792b9 51432->51434 51435 479150 33 API calls 51433->51435 51436 479150 33 API calls 51434->51436 51437 4792cf 51435->51437 51436->51437 51438 403400 4 API calls 51437->51438 51438->51430 51440 479400 51439->51440 51441 47941b 51440->51441 51466 453344 18 API calls 51440->51466 51441->51381 51467 42c79c 51443->51467 51446 403778 18 API calls 51447 42c94e 51446->51447 51447->51389 51449 42c79c IsDBCSLeadByte 51448->51449 51450 42c964 51449->51450 51451 403778 18 API calls 51450->51451 51452 42c975 51451->51452 51452->51389 51453->51389 51455 47916b 51454->51455 51456 47922a 51455->51456 51459 47919c 51455->51459 51479 479004 33 API calls 51455->51479 51456->51378 51458 4791c1 51462 4791e2 51458->51462 51481 479004 33 API calls 51458->51481 51459->51458 51480 479004 33 API calls 51459->51480 51462->51456 51463 479222 51462->51463 51482 453344 18 API calls 51462->51482 51473 478e88 
51463->51473 51466->51441 51468 42c67c IsDBCSLeadByte 51467->51468 51469 42c7b1 51468->51469 51470 42c7fb 51469->51470 51472 42c444 IsDBCSLeadByte 51469->51472 51470->51446 51472->51469 51474 478ec3 51473->51474 51475 403450 18 API calls 51474->51475 51476 478ee8 51475->51476 51483 477578 33 API calls 51476->51483 51478 478f29 51478->51456 51479->51459 51480->51458 51481->51462 51482->51463 51483->51478 51485 403494 4 API calls 51484->51485 51486 4665b6 51485->51486 51501 42dbc8 51486->51501 51489 42dbc8 19 API calls 51490 4665da 51489->51490 51491 466474 33 API calls 51490->51491 51492 4665e4 51491->51492 51493 42dbc8 19 API calls 51492->51493 51494 4665f3 51493->51494 51504 4664ec 51494->51504 51497 42dbc8 19 API calls 51498 46660c 51497->51498 51499 403400 4 API calls 51498->51499 51500 466621 51499->51500 51500->50329 51508 42db10 51501->51508 51505 46650c 51504->51505 51506 4078f4 33 API calls 51505->51506 51507 466556 51506->51507 51507->51497 51509 42db30 51508->51509 51510 42dbbb 51508->51510 51509->51510 51511 4037b8 18 API calls 51509->51511 51513 403800 18 API calls 51509->51513 51514 42c444 IsDBCSLeadByte 51509->51514 51510->51489 51511->51509 51513->51509 51514->51509 51516 4242ae 51515->51516 51517 42428e GetWindowTextA 51515->51517 51519 403494 4 API calls 51516->51519 51518 4034e0 18 API calls 51517->51518 51520 4242ac 51518->51520 51519->51520 51520->51357 51524 44b38c 51521->51524 51525 44b3bf 51524->51525 51526 414ae8 18 API calls 51525->51526 51527 44b3d2 51526->51527 51528 44b3ff GetDC 51527->51528 51529 40357c 18 API calls 51527->51529 51535 41a1e8 51528->51535 51529->51528 51532 44b430 51543 44b0c0 51532->51543 51536 41a2af 51535->51536 51537 41a213 51535->51537 51538 403400 4 API calls 51536->51538 51554 403520 51537->51554 51539 41a2c7 SelectObject 51538->51539 51539->51532 51541 41a26b 51542 41a2a3 CreateFontIndirectA 51541->51542 51542->51536 51544 44b0d7 51543->51544 51545 44b16a 51544->51545 51546 44b0ea 51544->51546 51547 44b153 
51544->51547 51546->51545 51555 4034e0 18 API calls 51554->51555 51556 40352a 51555->51556 51556->51541 51559 46514b 51557->51559 51558 465226 51568 466f00 51558->51568 51559->51558 51563 46519b 51559->51563 51580 421a1c 51559->51580 51560 4651de 51560->51558 51586 4185b8 21 API calls 51560->51586 51563->51560 51564 4651d5 51563->51564 51565 4651e0 51563->51565 51566 421a1c 21 API calls 51564->51566 51567 421a1c 21 API calls 51565->51567 51566->51560 51567->51560 51569 466f30 51568->51569 51570 466f11 51568->51570 51569->50396 51571 414b18 18 API calls 51570->51571 51572 466f1f 51571->51572 51573 414b18 18 API calls 51572->51573 51573->51569 51583 421a74 51580->51583 51585 421a2a 51580->51585 51583->51563 51584 421a59 51584->51583 51595 421d28 SetFocus GetFocus 51584->51595 51585->51584 51587 408cbc 51585->51587 51586->51558 51588 408cc8 51587->51588 51596 406dec LoadStringA 51588->51596 51591 403450 18 API calls 51592 408cf9 51591->51592 51593 403400 4 API calls 51592->51593 51594 408d0e 51593->51594 51594->51584 51595->51583 51597 4034e0 18 API calls 51596->51597 51598 406e19 51597->51598 51598->51591 51643 46c619 51642->51643 51644 46c666 51643->51644 51645 414ae8 18 API calls 51643->51645 51647 403420 4 API calls 51644->51647 51646 46c62f 51645->51646 51849 466798 20 API calls 51646->51849 51649 46c710 51647->51649 51649->50476 51841 408be0 19 API calls 51649->51841 51650 46c637 51651 414b18 18 API calls 51650->51651 51652 46c645 51651->51652 51653 46c652 51652->51653 51655 46c66b 51652->51655 51850 47eab4 56 API calls 51653->51850 51656 46c683 51655->51656 51657 46687c CharNextA 51655->51657 51851 47eab4 56 API calls 51656->51851 51659 46c67f 51657->51659 51659->51656 51660 46c699 51659->51660 51661 46c6b5 51660->51661 51662 46c69f 51660->51662 51663 42c99c CharNextA 51661->51663 51852 47eab4 56 API calls 51662->51852 51665 46c6c2 51663->51665 51665->51644 51853 466908 18 API calls 51665->51853 51667 46c6d9 51668 451458 18 API calls 51667->51668 51669 46c6e6 
51668->51669 51854 47eab4 56 API calls 51669->51854 51672 4241ed SetActiveWindow 51671->51672 51677 424223 51671->51677 51855 42364c 51672->51855 51676 42420a 51676->51677 51678 42421d SetFocus 51676->51678 51677->50488 51677->50489 51678->51677 51680 481fe9 51679->51680 51681 481fbb 51679->51681 51683 4759c0 51680->51683 51868 49485c 32 API calls 51681->51868 51869 457b60 51683->51869 51687 475a16 51893 46e17c 51687->51893 51842->50484 51849->51650 51850->51644 51851->51644 51852->51644 51853->51667 51854->51644 51864 4235f8 SystemParametersInfoA 51855->51864 51857 423665 ShowWindow 51860 423670 51857->51860 51861 423677 51857->51861 51867 423628 SystemParametersInfoA 51860->51867 51863 423b14 LocalAlloc TlsSetValue TlsGetValue TlsGetValue SetWindowPos 51861->51863 51863->51676 51865 423616 51864->51865 51865->51857 51866 423628 SystemParametersInfoA 51865->51866 51866->51857 51867->51861 51868->51680 51870 457c94 51869->51870 51871 457b8c 51869->51871 51872 457ce5 51870->51872 52345 4573c8 20 API calls 51870->52345 52341 45785c GetSystemTimeAsFileTime FileTimeToSystemTime 51871->52341 51875 403400 4 API calls 51872->51875 51877 457cfa 51875->51877 51876 457b94 51878 4078f4 33 API calls 51876->51878 51890 4072a8 51877->51890 51879 457c05 51878->51879 52342 457b50 34 API calls 51879->52342 51881 403778 18 API calls 51885 457c0d 51881->51885 51882 457c5b 51883 457c8a 51882->51883 51887 403778 18 API calls 51882->51887 52344 457b50 34 API calls 51883->52344 51885->51881 51885->51882 51886 457b50 34 API calls 51885->51886 51886->51885 51891 403738 51890->51891 51892 4072b2 SetCurrentDirectoryA 51891->51892 51892->51687 52341->51876 52342->51885 52344->51870 52345->51872 53552 431eec 53513->53552 53515 403400 4 API calls 53516 43da76 53515->53516 53516->50545 53516->50546 53517 43d9f2 53517->53515 53519 431bd6 53518->53519 53520 402648 18 API calls 53519->53520 53521 431c06 53520->53521 53522 494368 53521->53522 53523 49443d 53522->53523 53524 494382 53522->53524 53529 
494480 53523->53529 53524->53523 53525 433d6c 18 API calls 53524->53525 53528 403450 18 API calls 53524->53528 53557 408c0c 18 API calls 53524->53557 53558 431ca0 53524->53558 53525->53524 53528->53524 53530 49449c 53529->53530 53566 433d6c 53530->53566 53532 4944a1 53533 431ca0 18 API calls 53532->53533 53534 4944ac 53533->53534 53535 43d594 53534->53535 53536 43d5c1 53535->53536 53541 43d5b3 53535->53541 53536->50556 53537 43d63d 53545 43d6f7 53537->53545 53569 447084 53537->53569 53539 43d688 53575 43dd50 53539->53575 53541->53536 53541->53537 53542 447084 18 API calls 53541->53542 53542->53541 53543 43d8fd 53543->53536 53595 447024 18 API calls 53543->53595 53545->53543 53546 43d8de 53545->53546 53593 447024 18 API calls 53545->53593 53594 447024 18 API calls 53546->53594 53549->50558 53550->50560 53551->50547 53553 403494 4 API calls 53552->53553 53555 431efb 53553->53555 53554 431f25 53554->53517 53555->53554 53556 403744 18 API calls 53555->53556 53556->53555 53557->53524 53559 431cc0 53558->53559 53560 431cae 53558->53560 53562 431ce2 53559->53562 53565 431c40 18 API calls 53559->53565 53564 402678 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53560->53564 53562->53524 53564->53559 53565->53562 53567 402648 18 API calls 53566->53567 53568 433d7b 53567->53568 53568->53532 53570 4470a3 53569->53570 53571 4470aa 53569->53571 53596 446e30 18 API calls 53570->53596 53573 431ca0 18 API calls 53571->53573 53574 4470ba 53573->53574 53574->53539 53576 43dd6c 53575->53576 53581 43dd99 53575->53581 53577 402660 4 API calls 53576->53577 53576->53581 53577->53576 53578 43ddce 53578->53545 53580 43fea5 53580->53578 53606 447024 18 API calls 53580->53606 53581->53578 53581->53580 53582 447024 18 API calls 53581->53582 53584 43c938 18 API calls 53581->53584 53585 433b18 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53581->53585 53589 433d18 18 API calls 53581->53589 53590 436650 18 API calls 53581->53590 53591 431c40 18 API calls 53581->53591 53592 446e30 18 API calls 
53581->53592 53597 4396e0 53581->53597 53603 436e4c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53581->53603 53604 43dc48 32 API calls 53581->53604 53605 433d34 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53581->53605 53582->53581 53584->53581 53585->53581 53589->53581 53590->53581 53591->53581 53592->53581 53593->53545 53594->53543 53595->53543 53596->53571 53598 4396e9 53597->53598 53599 403400 4 API calls 53598->53599 53600 43c8e8 53599->53600 53607 403a38 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53600->53607 53603->53581 53604->53581 53605->53581 53606->53580 53609 4358e0 53610 4358f5 53609->53610 53614 43590f 53610->53614 53615 4352c8 53610->53615 53619 4352f8 53615->53619 53625 435312 53615->53625 53616 403400 4 API calls 53617 435717 53616->53617 53617->53614 53628 435728 18 API calls 53617->53628 53618 446da4 18 API calls 53618->53619 53619->53618 53620 403450 18 API calls 53619->53620 53621 402648 18 API calls 53619->53621 53623 431ca0 18 API calls 53619->53623 53624 4038a4 18 API calls 53619->53624 53619->53625 53626 403744 18 API calls 53619->53626 53629 4343b0 53619->53629 53641 434b74 18 API calls 53619->53641 53620->53619 53621->53619 53623->53619 53624->53619 53625->53616 53626->53619 53628->53614 53630 43446d 53629->53630 53631 4343dd 53629->53631 53660 434310 18 API calls 53630->53660 53633 403494 4 API calls 53631->53633 53635 4343eb 53633->53635 53634 43445f 53636 403400 4 API calls 53634->53636 53637 403778 18 API calls 53635->53637 53638 4344bd 53636->53638 53639 43440c 53637->53639 53638->53619 53639->53634 53642 4944b4 53639->53642 53641->53619 53643 4944ec 53642->53643 53644 494584 53642->53644 53645 403494 4 API calls 53643->53645 53661 448930 53644->53661 53649 4944f7 53645->53649 53647 403400 4 API calls 53648 4945a8 53647->53648 53650 403400 4 API calls 53648->53650 53651 4037b8 18 API calls 53649->53651 53654 494507 53649->53654 53652 4945b0 53650->53652 53653 494520 53651->53653 53652->53639 53653->53654 53655 4037b8 18 API 
Execution Graph (interactive call-graph view; node identifiers, function addresses and edge data not reproduced). Windows APIs referenced in the graph: GetProcAddress, LoadLibraryA, LoadLibraryExA, GetModuleHandleA, GetCommandLineA, SetProcessDEPPolicy, LocalAlloc, TlsSetValue, TlsGetValue, InterlockedExchange, GetLastError, SetLastError, SetErrorMode, WriteFile, DeleteFileA, MoveFileA, RemoveDirectoryA, SetCurrentDirectoryA, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, GetWindowsDirectoryA, GetSystemDirectoryA, GetEnvironmentVariableA, SHGetKnownFolderPath, CoTaskMemFree, RegOpenKeyExA, RegCloseKey, GetSystemDefaultLCID, GetLocaleInfoA, CreateWindowExA, DestroyWindow, ShowWindow, SetWindowPos, SetPropA, GetWindowLongA, SetWindowLongA, GetSystemMetrics, SendMessageA, PostMessageA, PostQuitMessage, CallWindowProcA, NtdllDefWindowProc_A, KiUserCallbackDispatcher, GetSysColor, SetTextColor, SetBkColor, CreateBrushIndirect, GetMenu, SetMenu, GetMenuItemCount, GetMenuStringA, GetMenuState, IsWindowVisible, IsWindowEnabled, EnableWindow, IsIconic, GetFocus, SetFocus, EnumWindows, EnumThreadWindows, GetWindow, GetCurrentThreadId, SetScrollInfo, GetScrollPos, SetScrollPos, ScrollWindow, MulDiv, MessageBeep, WinHelpA.
Strings
• @, xrefs: 00470624
• Installing into GAC, xrefs: 00471588
• Time stamp of existing file: (failed to read), xrefs: 004708AB
• Installing the file., xrefs: 00470D7D
• Same version. Skipping., xrefs: 00470B59
• Failed to strip read-only attribute., xrefs: 00470D47
• Incrementing shared file count (32-bit)., xrefs: 00471419
• Version of our file: (none), xrefs: 00470970
• Dest file is protected by Windows File Protection., xrefs: 00470761
• Same time stamp. Skipping., xrefs: 00470BC9
• , xrefs: 00470A43, 00470C14, 00470C92
• Time stamp of our file: (failed to read), xrefs: 0047081B
• Existing file is a newer version. Skipping., xrefs: 00470A76
• Dest filename: %s, xrefs: 00470708
• Time stamp of existing file: %s, xrefs: 0047089F
• Non-default bitness: 64-bit, xrefs: 00470723
• InUn, xrefs: 00470FD3
• Existing file's SHA-1 hash matches our file. Skipping., xrefs: 00470B29
• Skipping due to "onlyifdoesntexist" flag., xrefs: 00470842
• Existing file's SHA-1 hash is different from our file. Proceeding., xrefs: 00470B38
• User opted not to strip the existing file's read-only attribute. Skipping., xrefs: 00470D0A
• Failed to read existing file's SHA-1 hash. Proceeding., xrefs: 00470B44
• Version of existing file: %u.%u.%u.%u, xrefs: 004709F0
• Dest file exists., xrefs: 0047082F
• Incrementing shared file count (64-bit)., xrefs: 00471400
• Skipping due to "onlyifdestfileexists" flag., xrefs: 00470D6E
• Version of our file: %u.%u.%u.%u, xrefs: 00470964
• Existing file is protected by Windows File Protection. Skipping., xrefs: 00470C60
• Will register the file (a DLL/OCX) later., xrefs: 00471393
• .tmp, xrefs: 00470E2B
• Uninstaller requires administrator: %s, xrefs: 00471003
• Couldn't read time stamp. Skipping., xrefs: 00470BA9
                                                                                                            • Version of existing file: (none), xrefs: 00470B6E
                                                                                                            • User opted not to overwrite the existing file. Skipping., xrefs: 00470CC1
                                                                                                            • Time stamp of our file: %s, xrefs: 0047080F
                                                                                                            • -- File entry --, xrefs: 0047056F
                                                                                                            • Existing file has a later time stamp. Skipping., xrefs: 00470C43
                                                                                                            • Stripped read-only attribute., xrefs: 00470D3B
                                                                                                            • Will register the file (a type library) later., xrefs: 00471387
                                                                                                            • Non-default bitness: 32-bit, xrefs: 0047072F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $-- File entry --$.tmp$@$Couldn't read time stamp. Skipping.$Dest file exists.$Dest file is protected by Windows File Protection.$Dest filename: %s$Existing file has a later time stamp. Skipping.$Existing file is a newer version. Skipping.$Existing file is protected by Windows File Protection. Skipping.$Existing file's SHA-1 hash is different from our file. Proceeding.$Existing file's SHA-1 hash matches our file. Skipping.$Failed to read existing file's SHA-1 hash. Proceeding.$Failed to strip read-only attribute.$InUn$Incrementing shared file count (32-bit).$Incrementing shared file count (64-bit).$Installing into GAC$Installing the file.$Non-default bitness: 32-bit$Non-default bitness: 64-bit$Same time stamp. Skipping.$Same version. Skipping.$Skipping due to "onlyifdestfileexists" flag.$Skipping due to "onlyifdoesntexist" flag.$Stripped read-only attribute.$Time stamp of existing file: %s$Time stamp of existing file: (failed to read)$Time stamp of our file: %s$Time stamp of our file: (failed to read)$Uninstaller requires administrator: %s$User opted not to overwrite the existing file. Skipping.$User opted not to strip the existing file's read-only attribute. Skipping.$Version of existing file: %u.%u.%u.%u$Version of existing file: (none)$Version of our file: %u.%u.%u.%u$Version of our file: (none)$Will register the file (a DLL/OCX) later.$Will register the file (a type library) later.
                                                                                                            • API String ID: 0-4021121268
                                                                                                            • Opcode ID: 9d68f8344ce4977df8583e247318b1194b32105c4f4fc62b9f0a4044c1636d2c
                                                                                                            • Instruction ID: b563e12d89f4af072a7005ff78b426759e5259748c8527a90f65f129335a0b73
                                                                                                            • Opcode Fuzzy Hash: 9d68f8344ce4977df8583e247318b1194b32105c4f4fc62b9f0a4044c1636d2c
                                                                                                            • Instruction Fuzzy Hash: 0B925234A0424CDFDB11DFA9C485BDDBBB5AF05308F1480ABE848A7392D778AE45CB59

                                                                                                             Control-flow Graph (basic blocks as node id, address range, API calls, successor nodes)
                                                                                                             • 1578 42e09c-42e0ad -> 1579, 1580
                                                                                                             • 1579 42e0b8-42e0dd AllocateAndInitializeSid -> 1581, 1582
                                                                                                             • 1580 42e0af-42e0b3 -> 1581
                                                                                                             • 1581 42e287-42e28f -> (none)
                                                                                                             • 1582 42e0e3-42e100 GetVersion -> 1583, 1584
                                                                                                             • 1583 42e102-42e117 GetModuleHandleA GetProcAddress -> 1584
                                                                                                             • 1584 42e119-42e11b -> 1585, 1586
                                                                                                             • 1585 42e142-42e15c GetCurrentThread OpenThreadToken -> 1589, 1590
                                                                                                             • 1586 42e11d-42e12b CheckTokenMembership -> 1587, 1588
                                                                                                             • 1587 42e131-42e13d -> 1588
                                                                                                             • 1588 42e269-42e27f FreeSid -> (none)
                                                                                                             • 1589 42e193-42e1bb GetTokenInformation -> 1593, 1594
                                                                                                             • 1590 42e15e-42e168 GetLastError -> 1591, 1592
                                                                                                             • 1591 42e174-42e187 GetCurrentProcess OpenProcessToken -> 1589, 1597
                                                                                                             • 1592 42e16a-42e16f call 4031bc -> 1581
                                                                                                             • 1593 42e1d6-42e1fa call 402648 GetTokenInformation -> 1604, 1605
                                                                                                             • 1594 42e1bd-42e1c5 GetLastError -> 1593, 1598
                                                                                                             • 1597 42e189-42e18e call 4031bc -> 1581
                                                                                                             • 1598 42e1c7-42e1d1 call 4031bc * 2 -> 1581
                                                                                                             • 1604 42e208-42e210 -> 1609, 1610
                                                                                                             • 1605 42e1fc-42e206 call 4031bc * 2 -> 1581
                                                                                                             • 1609 42e212-42e213 -> 1614
                                                                                                             • 1610 42e243-42e261 call 402660 CloseHandle -> (none)
                                                                                                             • 1614 42e215-42e228 EqualSid -> 1617, 1618
                                                                                                             • 1617 42e22a-42e237 -> 1618, 1620
                                                                                                             • 1618 42e23f-42e241 -> 1610, 1614
                                                                                                             • 1620 42e239-42e23d -> 1610
                                                                                                            APIs
                                                                                                            • AllocateAndInitializeSid.ADVAPI32(00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0D6
                                                                                                            • GetVersion.KERNEL32(00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0F3
                                                                                                            • GetModuleHandleA.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E10C
                                                                                                            • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042E112
                                                                                                            • CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,0042E280,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E127
                                                                                                            • FreeSid.ADVAPI32(00000000,0042E287,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E27A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressAllocateCheckFreeHandleInitializeMembershipModuleProcTokenVersion
                                                                                                            • String ID: 1{I$CheckTokenMembership$advapi32.dll
                                                                                                            • API String ID: 2252812187-4020693264
                                                                                                            • Opcode ID: 99385c8667cd0eb2f7e8a761a457fbfbdd7e71a8091fdfbf45cde5befae85eff
                                                                                                            • Instruction ID: e5677345bf142a8b1d9111380f95962c8bb8cf61ba8e960ca5c3fd0f127139eb
                                                                                                            • Opcode Fuzzy Hash: 99385c8667cd0eb2f7e8a761a457fbfbdd7e71a8091fdfbf45cde5befae85eff
                                                                                                            • Instruction Fuzzy Hash: E351A271B44215EEEB10EAE69C42BBF77ACEB09704F9404BBB901F7281D57C99018B79

                                                                                                             Control-flow Graph (basic blocks as node id, address range, API calls, successor nodes)
                                                                                                             • 1642 4502c0-4502cd -> 1643, 1644
                                                                                                             • 1643 4502d3-4502e0 GetVersion -> 1644, 1645
                                                                                                             • 1644 45037c-450386 -> (none)
                                                                                                             • 1645 4502e6-4502fc LoadLibraryA -> 1644, 1646
                                                                                                             • 1646 4502fe-450377 GetProcAddress * 6 -> 1644
                                                                                                            APIs
                                                                                                            • GetVersion.KERNEL32(00480636), ref: 004502D3
                                                                                                            • LoadLibraryA.KERNEL32(Rstrtmgr.dll,00480636), ref: 004502EB
                                                                                                            • GetProcAddress.KERNEL32(6E820000,RmStartSession), ref: 00450309
                                                                                                            • GetProcAddress.KERNEL32(6E820000,RmRegisterResources), ref: 0045031E
                                                                                                            • GetProcAddress.KERNEL32(6E820000,RmGetList), ref: 00450333
                                                                                                            • GetProcAddress.KERNEL32(6E820000,RmShutdown), ref: 00450348
                                                                                                            • GetProcAddress.KERNEL32(6E820000,RmRestart), ref: 0045035D
                                                                                                            • GetProcAddress.KERNEL32(6E820000,RmEndSession), ref: 00450372
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$LibraryLoadVersion
                                                                                                            • String ID: RmEndSession$RmGetList$RmRegisterResources$RmRestart$RmShutdown$RmStartSession$Rstrtmgr.dll
                                                                                                            • API String ID: 1968650500-3419246398
                                                                                                            • Opcode ID: 2681632e5309952c30eea3f8c2bf2722b4339596373eceda0d07b93e3cd0d7e4
                                                                                                            • Instruction ID: c77cef2ad5653e61b65a4477cbb73d0d56cf7b8a9d174f96be3e9b6947252677
                                                                                                            • Opcode Fuzzy Hash: 2681632e5309952c30eea3f8c2bf2722b4339596373eceda0d07b93e3cd0d7e4
                                                                                                            • Instruction Fuzzy Hash: B211F7B4510301DBD710FB61BF45A2E36E9E728315B08063FE804961A2CB7C4844CF8C

                                                                                                             Control-flow Graph (node id, address range, API calls, followed by edges as source->target)
                                                                                                             control_flow_graph 1790 423c0c-423c40 1791 423c42-423c43 1790->1791 1792 423c74-423c8b call 423b68 1790->1792 1794 423c45-423c61 call 40b24c 1791->1794 1797 423cec-423cf1 1792->1797 1798 423c8d 1792->1798 1827 423c63-423c6b 1794->1827 1828 423c70-423c72 1794->1828 1800 423cf3 1797->1800 1801 423d27-423d2c 1797->1801 1802 423c93-423c96 1798->1802 1803 423d50-423d60 1798->1803 1804 423fb1-423fb9 1800->1804 1805 423cf9-423d01 1800->1805 1808 423d32-423d35 1801->1808 1809 42409a-4240a8 IsIconic 1801->1809 1806 423cc5-423cc8 1802->1806 1807 423c98 1802->1807 1810 423d62-423d67 1803->1810 1811 423d6b-423d73 call 424194 1803->1811 1816 424152-42415a 1804->1816 1822 423fbf-423fca call 4181e0 1804->1822 1814 423f13-423f3a SendMessageA 1805->1814 1815 423d07-423d0c 1805->1815 1823 423da9-423db0 1806->1823 1824 423cce-423ccf 1806->1824 1818 423df6-423e06 call 423b84 1807->1818 1819 423c9e-423ca1 1807->1819 1820 4240d6-4240eb call 424850 1808->1820 1821 423d3b-423d3c 1808->1821 1809->1816 1817 4240ae-4240b9 GetFocus 1809->1817 1825 423d78-423d80 call 4241dc 1810->1825 1826 423d69-423d8c call 423b84 1810->1826 1811->1816 1814->1816 1841 423d12-423d13 1815->1841 1842 42404a-424055 1815->1842 1830 424171-424177 1816->1830 1817->1816 1833 4240bf-4240c8 call 41eff4 1817->1833 1834 423ca7-423caa 1819->1834 1835 423e1e-423e3a PostMessageA call 423b84 1819->1835 1820->1816 1844 423d42-423d45 1821->1844 1845 4240ed-4240f4 1821->1845 1822->1816 1877 423fd0-423fdf call 4181e0 IsWindowEnabled 1822->1877 1823->1816 1838 423db6-423dbd 1823->1838 1839 423cd5-423cd8 1824->1839 1840 423f3f-423f46 1824->1840 1825->1816 1826->1816 1827->1830 1828->1792 1828->1794 1833->1816 1889 4240ce-4240d4 SetFocus 1833->1889 1851 423cb0-423cb3 1834->1851 1852 423ea5-423eac 1834->1852 1835->1816 1838->1816 1857 423dc3-423dc9 1838->1857 1858 423cde-423ce1 1839->1858 1859 423e3f-423e5f call 423b84 1839->1859 1840->1816 1847 423f4c-423f51 call 404e54 1840->1847 1860 424072-42407d 1841->1860 1861 423d19-423d1c 1841->1861 1842->1816 1863 42405b-42406d 1842->1863 1864 424120-424127 1844->1864 1865 423d4b 1844->1865 1854 4240f6-424109 call 4244d4 1845->1854 1855 42410b-42411e call 42452c 1845->1855 1847->1816 1872 423cb9-423cba 1851->1872 1873 423dce-423ddc IsIconic 1851->1873 1874 423eae-423ec1 call 423b14 1852->1874 1875 423edf-423ef0 call 423b84 1852->1875 1854->1816 1855->1816 1857->1816 1878 423ce7 1858->1878 1879 423e0b-423e19 call 424178 1858->1879 1904 423e83-423ea0 call 423a84 PostMessageA 1859->1904 1905 423e61-423e7e call 423b14 PostMessageA 1859->1905 1860->1816 1866 424083-424095 1860->1866 1883 423d22 1861->1883 1884 423f56-423f5e 1861->1884 1863->1816 1881 42413a-424149 1864->1881 1882 424129-424138 1864->1882 1885 42414b-42414c call 423b84 1865->1885 1866->1816 1890 423cc0 1872->1890 1891 423d91-423d99 1872->1891 1897 423dea-423df1 call 423b84 1873->1897 1898 423dde-423de5 call 423bc0 1873->1898 1919 423ed3-423eda call 423b84 1874->1919 1920 423ec3-423ecd call 41ef58 1874->1920 1924 423ef2-423ef8 call 41eea4 1875->1924 1925 423f06-423f0e call 423a84 1875->1925 1877->1816 1921 423fe5-423ff4 call 4181e0 IsWindowVisible 1877->1921 1878->1885 1879->1816 1881->1816 1882->1816 1883->1885 1884->1816 1888 423f64-423f6b 1884->1888 1913 424151 1885->1913 1888->1816 1906 423f71-423f80 call 4181e0 IsWindowEnabled 1888->1906 1889->1816 1890->1885 1891->1816 1907 423d9f-423da4 call 422c4c 1891->1907 1897->1816 1898->1816 1904->1816 1905->1816 1906->1816 1935 423f86-423f9c call 412310 1906->1935 1907->1816 1913->1816 1919->1816 1920->1919 1921->1816 1942 423ffa-424045 GetFocus call 4181e0 SetFocus call 415240 SetFocus 1921->1942 1939 423efd-423f00 1924->1939 1925->1816 1935->1816 1945 423fa2-423fac 1935->1945 1939->1925 1942->1816 1945->1816
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b9e250b99cf182ccbef41989ebe76349b30642d984367dffe3cd9cb4059d0181
                                                                                                            • Instruction ID: afb4f91cf4018cf9acc1c9974f14325182323c15c0e0405bd0f9b005e596376e
                                                                                                            • Opcode Fuzzy Hash: b9e250b99cf182ccbef41989ebe76349b30642d984367dffe3cd9cb4059d0181
                                                                                                            • Instruction Fuzzy Hash: 03E1AE31700124EFDB04DF69E989AADB7B5FB54300FA440AAE5559B352C73CEE81DB09
                                                                                                            APIs
                                                                                                              • Part of subcall function 0049543C: GetWindowRect.USER32(00000000), ref: 00495452
                                                                                                            • LoadBitmapA.USER32(00400000,STOPIMAGE), ref: 004675E7
                                                                                                              • Part of subcall function 0041D6B0: GetObjectA.GDI32(?,00000018,00467601), ref: 0041D6DB
                                                                                                              • Part of subcall function 00466FF4: SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467097
                                                                                                              • Part of subcall function 00466FF4: ExtractIconA.SHELL32(00400000,00000000,?), ref: 004670BD
                                                                                                              • Part of subcall function 00466FF4: ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 00467114
                                                                                                              • Part of subcall function 004669B4: KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,0046769C,00000000,00000000,00000000,0000000C,00000000), ref: 004669CC
                                                                                                              • Part of subcall function 004956C0: MulDiv.KERNEL32(0000000D,?,0000000D), ref: 004956CA
                                                                                                              • Part of subcall function 0042ED38: GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA8
                                                                                                              • Part of subcall function 0042ED38: SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDC5
                                                                                                              • Part of subcall function 0049538C: GetDC.USER32(00000000), ref: 004953AE
                                                                                                              • Part of subcall function 0049538C: SelectObject.GDI32(?,00000000), ref: 004953D4
                                                                                                              • Part of subcall function 0049538C: ReleaseDC.USER32(00000000,?), ref: 00495425
                                                                                                              • Part of subcall function 004956B0: MulDiv.KERNEL32(0000004B,?,00000006), ref: 004956BA
                                                                                                            • GetSystemMenu.USER32(00000000,00000000,0000000C,00000000,00000000,00000000,00000000,0219FA78,021A17D8,?,?,021A1808,?,?,021A1858,?), ref: 00468271
                                                                                                            • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 00468282
                                                                                                            • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 0046829A
                                                                                                              • Part of subcall function 0042A05C: SendMessageA.USER32(00000000,0000014E,00000000,00000000), ref: 0042A072
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Menu$AppendExtractIconObject$AddressAutoBitmapCallbackCompleteDispatcherFileInfoLoadMessageProcRectReleaseSelectSendSystemUserWindow
                                                                                                            • String ID: $(Default)$STOPIMAGE
                                                                                                            • API String ID: 3231140908-770201673
                                                                                                            • Opcode ID: d8aa18b457e06c76cf1710bd301156fff42577b8956d306d2f0c8863d05d0704
                                                                                                            • Instruction ID: 95164e1e617b107b44698f642e4cc1154f551ad52f4085116ed94e07ec8bca55
                                                                                                            • Opcode Fuzzy Hash: d8aa18b457e06c76cf1710bd301156fff42577b8956d306d2f0c8863d05d0704
                                                                                                            • Instruction Fuzzy Hash: BEF2C6786005148FCB00EB59D9D9F9973F1BF49304F1542BAE9049B36ADB74EC4ACB8A
                                                                                                            APIs
                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,00474F66,?,?,0049C1DC,00000000), ref: 00474E55
                                                                                                            • FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,00474F66,?,?,0049C1DC,00000000), ref: 00474F32
                                                                                                            • FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,00474F66,?,?,0049C1DC,00000000), ref: 00474F40
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                            • String ID: unins$unins???.*
                                                                                                            • API String ID: 3541575487-1009660736
                                                                                                            • Opcode ID: 5e576b03208d2e259677c02318acd6f2ad4d278db2359f1cb77b12eb5b061527
                                                                                                            • Instruction ID: 31c653d7bd6b2cf4ad5ba67a359891eda5ad6ed959604e3cb46055c530bb22dc
                                                                                                            • Opcode Fuzzy Hash: 5e576b03208d2e259677c02318acd6f2ad4d278db2359f1cb77b12eb5b061527
                                                                                                            • Instruction Fuzzy Hash: 2A313370A001089FCB10EF65D991ADEB7A9DF85318F51C4B6F80CA76A2DB389F418B58
                                                                                                            APIs
                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,00452AC3,?,?,-00000001,00000000), ref: 00452A9D
                                                                                                            • GetLastError.KERNEL32(00000000,?,00000000,00452AC3,?,?,-00000001,00000000), ref: 00452AA5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileFindFirstLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 873889042-0
                                                                                                            • Opcode ID: 9c675a8f1f28b386d0fa8c71b8ecb41695e84785a8bb79b0d9bc0322d07a8b6a
                                                                                                            • Instruction ID: 3e58272229af866f17ac5928e9872a720c3be2d4903e778e839a846eb7d55d53
                                                                                                            • Opcode Fuzzy Hash: 9c675a8f1f28b386d0fa8c71b8ecb41695e84785a8bb79b0d9bc0322d07a8b6a
                                                                                                            • Instruction Fuzzy Hash: 94F0F971A04604AB8B10EF669D4149EF7ACEB8672571046BBFC14E3282DAB84E0485A8
                                                                                                            APIs
                                                                                                            • GetVersion.KERNEL32(?,0046DFEE), ref: 0046DF62
                                                                                                            • CoCreateInstance.OLE32(00499B84,00000000,00000001,00499B94,?,?,0046DFEE), ref: 0046DF7E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateInstanceVersion
                                                                                                            • String ID:
                                                                                                            • API String ID: 1462612201-0
                                                                                                            • Opcode ID: 590230f93a95ca5811c62fe34acfb8e2c0307c22a832fa8ed403bfd539588e2d
                                                                                                            • Instruction ID: 3442edb0ea1fabc64a92ad6c3e34ff78e3c28f6093e8310d9e86ee8e53d0260d
                                                                                                            • Opcode Fuzzy Hash: 590230f93a95ca5811c62fe34acfb8e2c0307c22a832fa8ed403bfd539588e2d
                                                                                                            • Instruction Fuzzy Hash: 4EF0A031B85200DEEB14A7A9DC45B463BD4BB24328F04007BF0448B295E3AC9850861F
                                                                                                            APIs
                                                                                                            • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoLocale
                                                                                                            • String ID:
                                                                                                            • API String ID: 2299586839-0
                                                                                                            • Opcode ID: 64da881718ef9bfb5c3691e8182369eeaf442f2681d4624e7b5adc518b999176
                                                                                                            • Instruction ID: 8daab3ef8e56b0da8b8c23f45c5b5388ad46b50bd825570c2d348c61856efc62
                                                                                                            • Opcode Fuzzy Hash: 64da881718ef9bfb5c3691e8182369eeaf442f2681d4624e7b5adc518b999176
                                                                                                            • Instruction Fuzzy Hash: BFE0223170021466C311AA2A9C86AEAB34C9758310F00427FB904E73C2EDB89E4042A8
                                                                                                            APIs
                                                                                                            • NtdllDefWindowProc_A.USER32(?,?,?,?,?,00424151,?,00000000,0042415C), ref: 00423BAE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: NtdllProc_Window
                                                                                                            • String ID:
                                                                                                            • API String ID: 4255912815-0
                                                                                                            • Opcode ID: 03c86555d74cd6010afd77b9e61a524e96c156e733cd5bd8e2feacc4387cef90
                                                                                                            • Instruction ID: a748582893d7571d6ac8bdbe819d0a8fbf5f36db2d3505b6f19a51c7a0bbae16
                                                                                                            • Opcode Fuzzy Hash: 03c86555d74cd6010afd77b9e61a524e96c156e733cd5bd8e2feacc4387cef90
                                                                                                            • Instruction Fuzzy Hash: 47F0B979205608AF8B40DF99C588D4ABBE8AB4C260B058195B988CB321C234ED808F90
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: NameUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 2645101109-0
                                                                                                            • Opcode ID: 969018677e36c7ee3cac7a31a88a81c68082f6a067fe28717e4d5eb0c099a74a
                                                                                                            • Instruction ID: 9f318ec9847dd9a6abcb639c8bc611599857aea0b867fcad4bfaeec6bdb042bf
                                                                                                            • Opcode Fuzzy Hash: 969018677e36c7ee3cac7a31a88a81c68082f6a067fe28717e4d5eb0c099a74a
                                                                                                            • Instruction Fuzzy Hash: 8FD0C27230470473CB00AA689C825AA35CD8B84305F00483E3CC5DA2C3FABDDA485756
                                                                                                            APIs
                                                                                                            • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042F53C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: NtdllProc_Window
                                                                                                            • String ID:
                                                                                                            • API String ID: 4255912815-0
                                                                                                            • Opcode ID: 9e43cbcd657a147b44e82c26281af1c584f356d37a2e763e4ec43db1fd6d4cd6
                                                                                                            • Instruction ID: 7ca9c19e24a5def9c493c34941f9da96f9ca037215ec7a65a90973bf7a04e639
                                                                                                            • Opcode Fuzzy Hash: 9e43cbcd657a147b44e82c26281af1c584f356d37a2e763e4ec43db1fd6d4cd6
                                                                                                            • Instruction Fuzzy Hash: FCD09E7120011D7B9B00DE99E840D6B33AD9B88710B909925F945D7642D634ED9197A5

                                                                                                            Control-flow Graph

                                                                                                             • Executed
                                                                                                             • Not Executed
                                                                                                             (Control-flow graph rendering of basic blocks 46eecc-46f569, ending in the RegCloseKey call, not reproduced in text form.)
                                                                                                            APIs
                                                                                                              • Part of subcall function 0046ECB8: RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,00475FFE,?,0049C1DC,?,0046EFCF,?,00000000,0046F56A,?,_is1), ref: 0046ECDB
                                                                                                              • Part of subcall function 0046ED28: RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F3A6,?,?,00000000,0046F56A,?,_is1,?), ref: 0046ED3B
                                                                                                            • RegCloseKey.ADVAPI32(?,0046F571,?,_is1,?,Software\Microsoft\Windows\CurrentVersion\Uninstall\,00000000,0046F5BC,?,?,0049C1DC,00000000), ref: 0046F564
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Value$Close
                                                                                                            • String ID: " /SILENT$5.5.2 (a)$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EstimatedSize$HelpLink$HelpTelephone$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: Language$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: Setup Version$Inno Setup: User$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$InstallDate$InstallLocation$MajorVersion$MinorVersion$ModifyPath$NoModify$NoRepair$Publisher$QuietUninstallString$Readme$RegisterPreviousData$Software\Microsoft\Windows\CurrentVersion\Uninstall\$URLInfoAbout$URLUpdateInfo$UninstallString$_is1
                                                                                                            • API String ID: 3391052094-2734025597
                                                                                                            • Opcode ID: 4b47327b70ee27fc59f023ce9095d4925cbd7ad973a1f437070c8b1580be5bb7
                                                                                                            • Instruction ID: 41df9594f94a3a106a445eb875b77748a5d5020e54387338891d7450c5044d2a
                                                                                                            • Opcode Fuzzy Hash: 4b47327b70ee27fc59f023ce9095d4925cbd7ad973a1f437070c8b1580be5bb7
                                                                                                            • Instruction Fuzzy Hash: CF123335A00109AFDB04EF55E981ADE73F5EB48304F60847BE840AB396EB78AD45CB5D

                                                                                                             Control-flow Graph
                                                                                                             • Rendered graph not captured. Entry block 004923A8; the basic blocks in the graph reach Sleep, FindWindowA, SendMessageA, PostMessageA, SendNotifyMessageA, RegisterClipboardFormatA, GetProcAddress, GetLastError, FreeLibrary, CreateMutexA, OemToCharBuffA and CharToOemBuffA, each on its own branch that returns to a common exit block at 00492882.
                                                                                                            APIs
                                                                                                            • Sleep.KERNEL32(00000000,00000000,0049289D,?,?,?,?,00000000,00000000,00000000), ref: 004923E8
                                                                                                            • FindWindowA.USER32(00000000,00000000), ref: 00492419
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FindSleepWindow
                                                                                                            • String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
                                                                                                            • API String ID: 3078808852-3310373309
                                                                                                            • Opcode ID: fc65408302e00bfaa9df3cfa690acb5bb30b22ebaabf7b5c0919dab2d319a526
                                                                                                            • Instruction ID: 9f3505894e5a6fd9d1366d4270c7319e33b1617852d99992837f934410b553a1
                                                                                                            • Opcode Fuzzy Hash: fc65408302e00bfaa9df3cfa690acb5bb30b22ebaabf7b5c0919dab2d319a526
                                                                                                            • Instruction Fuzzy Hash: 0CC182A0B042413BDB14FF3E9D4151F59A99B94708B118A3FB446EB38BCE7DED0A4399

                                                                                                             Control-flow Graph
                                                                                                             • Rendered graph not captured. Entry block 00483560; the basic blocks in the graph reach GetModuleHandleA, GetProcAddress, GetNativeSystemInfo, GetCurrentProcess and GetSystemInfo, with GetSystemInfo on the fallback path taken when GetNativeSystemInfo cannot be resolved.
                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00483571
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0048357E
                                                                                                            • GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 0048358C
                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483594
                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 004835A0
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 004835C1
                                                                                                            • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 004835D4
                                                                                                            • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 004835DA
                                                                                                            • GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 004835F1
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
                                                                                                            • String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
                                                                                                            • API String ID: 2230631259-2623177817
                                                                                                            • Opcode ID: ecd875b9fed982c6964d0a5895b6aed5fdd9f377785afaacdd435e2d250d9586
                                                                                                            • Instruction ID: 55e3f4d73e57614863bf74929b0f0177a2d28665cd9645ad6096ae2f13a54172
                                                                                                            • Opcode Fuzzy Hash: ecd875b9fed982c6964d0a5895b6aed5fdd9f377785afaacdd435e2d250d9586
                                                                                                            • Instruction Fuzzy Hash: D6113D81549782B4DA21BB7D8D5AB6F1A888B10F5AF140C3B7C40753C2E96DCE458B6E

                                                                                                             Control-flow Graph
                                                                                                             • Rendered graph not captured. Entry block 00468BFC; the graph loops over the registry value reads (calls into 0042DD4C and 0042DD64) and ends in the RegCloseKey block at 00468DEE before returning through 00468E16.
                                                                                                            APIs
                                                                                                              • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                                            • RegCloseKey.ADVAPI32(?,00468E16,?,?,00000001,00000000,00000000,00468E31,?,00000000,00000000,?), ref: 00468DFF
                                                                                                            Strings
                                                                                                            • Inno Setup: User Info: Serial, xrefs: 00468DE1
                                                                                                            • %s\%s_is1, xrefs: 00468C79
                                                                                                            • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00468C5B
                                                                                                            • Inno Setup: App Path, xrefs: 00468CBE
                                                                                                            • Inno Setup: Selected Components, xrefs: 00468D1E
                                                                                                            • Inno Setup: Selected Tasks, xrefs: 00468D6B
                                                                                                            • Inno Setup: User Info: Organization, xrefs: 00468DCE
                                                                                                            • Inno Setup: Setup Type, xrefs: 00468D0E
                                                                                                            • Inno Setup: Deselected Tasks, xrefs: 00468D8D
                                                                                                            • Inno Setup: Deselected Components, xrefs: 00468D40
                                                                                                            • Inno Setup: No Icons, xrefs: 00468CE7
                                                                                                            • Inno Setup: Icon Group, xrefs: 00468CDA
                                                                                                            • Inno Setup: User Info: Name, xrefs: 00468DBB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseOpen
                                                                                                            • String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                            • API String ID: 47109696-1093091907
                                                                                                            • Opcode ID: 477994bb8960d1965e10b40f61816eaf4c7b707db17a7ca4aa6169c09ca9eb9e
                                                                                                            • Instruction ID: 0c37994fccd001a995e494b6850b37eb05b7d5ed784e69181523ebf3a7e49158
                                                                                                            • Opcode Fuzzy Hash: 477994bb8960d1965e10b40f61816eaf4c7b707db17a7ca4aa6169c09ca9eb9e
                                                                                                            • Instruction Fuzzy Hash: 8D51C570A006049BCB10DB65C941BDEB7F5EF48304F50856EE840AB391EB38AF01CB6D
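
The function at 0046F5xx above writes, and the function at 00468BFC reads, the Inno Setup uninstall key `Software\Microsoft\Windows\CurrentVersion\Uninstall\<AppId>_is1` with the value names listed in their String IDs (`Inno Setup: App Path`, `Inno Setup: Setup Version`, `UninstallString`, `QuietUninstallString` with ` /SILENT`, `NoModify`, and so on). That key is the durable host artefact this installer leaves behind, so the first triage step on a suspect machine is to pull those entries out of a `reg export` of the Uninstall hive. The helper below is an added example, not code from the Joe Sandbox report or from the analysed sample: it parses a .reg export (already decoded to text) and summarises every Inno Setup entry, whether it was written under HKLM or HKCU. The embedded export is constructed for the example; the GUID, product names, user, paths and dates are invented, and only the value names and the `_is1` suffix follow the layout the report shows.

```python
"""Triage helper: pull Inno Setup uninstall entries out of a `reg export` file.

Added example, not code from the Joe Sandbox report or the analysed sample.
Assumes the export has already been decoded to text (reg export writes UTF-16LE).
"""
import re
from typing import Dict, List

# Constructed sample export. The GUID, product names, user, paths and dates are
# invented for this example; only the value names and the "_is1" key suffix
# follow the Inno Setup layout the report's String IDs show.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B1C0E2A-1111-2222-3333-444455556666}]
"DisplayName"="Some MSI Product"
"UninstallString"="MsiExec.exe /X{7B1C0E2A-1111-2222-3333-444455556666}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0C0FFEE-0000-4000-8000-000000000001}_is1]
"Inno Setup: Setup Version"="5.5.2 (a)"
"Inno Setup: App Path"="C:\\Program Files (x86)\\Example Tool"
"InstallLocation"="C:\\Program Files (x86)\\Example Tool\\"
"Inno Setup: Icon Group"="Example Tool"
"Inno Setup: User"="alice"
"Inno Setup: Language"="default"
"DisplayName"="Example Tool version 1.0"
"DisplayVersion"="1.0"
"Publisher"="Example Publisher"
"UninstallString"="\"C:\\Program Files (x86)\\Example Tool\\unins000.exe\""
"QuietUninstallString"="\"C:\\Program Files (x86)\\Example Tool\\unins000.exe\" /SILENT"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"InstallDate"="20241212"
"EstimatedSize"=dword:00001a2b

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Example Tool_is1]
"Inno Setup: Setup Version"="5.5.2 (a)"
"Inno Setup: App Path"="C:\\Users\\alice\\AppData\\Local\\Example Tool"
"DisplayName"="Example Tool version 1.0"
"UninstallString"="\"C:\\Users\\alice\\AppData\\Local\\Example Tool\\unins000.exe\""
'''

_KEY_RE = re.compile(r'^\[(.+)\]\s*$')
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
INNO_PREFIX = "Inno Setup: "


def _unescape(raw: str) -> str:
    # Undo .reg string escaping: a backslash escapes a backslash or a double quote.
    return re.sub(r'\\(["\\])', r'\1', raw)


def _decode_value(raw: str):
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])          # REG_SZ
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)              # REG_DWORD
    return raw                               # hex(...) blobs etc.: keep as written


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Map each [KEY] section to its named values. Default (@=) values and
    multi-line hex continuations are ignored; they do not matter here."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        key_match = _KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            keys[current] = {}
            continue
        value_match = _VALUE_RE.match(line)
        if value_match and current is not None:
            keys[current][value_match.group(1)] = _decode_value(value_match.group(2))
    return keys


def _command_executable(command: str) -> str:
    """Return the program path from an UninstallString-style command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def find_inno_setup_entries(text: str) -> List[Dict[str, object]]:
    """One summary per Inno Setup uninstall key, from any hive in the export."""
    entries = []
    for key, values in parse_reg_export(text).items():
        is_inno = key.lower().endswith("_is1") or any(n.startswith(INNO_PREFIX) for n in values)
        if not is_inno:
            continue
        quiet = str(values.get("QuietUninstallString", ""))
        entries.append({
            "hive": key.split("\\", 1)[0],
            "key": key,
            "display_name": values.get("DisplayName", ""),
            "setup_version": values.get(INNO_PREFIX + "Setup Version", ""),
            "app_path": values.get(INNO_PREFIX + "App Path", ""),
            "uninstaller": _command_executable(str(values.get("UninstallString", ""))),
            "silent_uninstall": "/SILENT" in quiet.upper(),
            "no_modify": values.get("NoModify") == 1,
        })
    return entries


if __name__ == "__main__":
    for entry in find_inno_setup_entries(SAMPLE_REG_EXPORT):
        print(f"{entry['hive']}: {entry['display_name']} (Inno Setup {entry['setup_version']})")
        print(f"  app path:    {entry['app_path']}")
        print(f"  uninstaller: {entry['uninstaller']}")
```

On a live host, export both hives (`reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` and the same path under HKCU, plus the `WOW6432Node` variant on 64-bit systems), decode the files as UTF-16 and feed the text to `find_inno_setup_entries`. `Inno Setup: App Path` and the `UninstallString` path tell you where the dropped files went; the `unins000.exe` they point at is a normal Inno Setup uninstaller and does not by itself indicate malice, the payload is whatever was installed next to it.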

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                              • Part of subcall function 0042D898: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00453DB4,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15), ref: 0042D8AB
                                                                                                              • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                              • Part of subcall function 0042D8F0: GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B5A,00000000,00453BFD,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FED,00000000), ref: 0042D90A
                                                                                                              • Part of subcall function 0042D8F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D910
                                                                                                            • SHGetKnownFolderPath.SHELL32(00499D1C,00008000,00000000,?,00000000,0047C432), ref: 0047C336
                                                                                                            • CoTaskMemFree.OLE32(?,0047C37B), ref: 0047C36E
                                                                                                              • Part of subcall function 0042D208: GetEnvironmentVariableA.KERNEL32(00000000,00000000,00000000,?,?,00000000,0042DA3E,00000000,0042DAD0,?,?,?,0049B628,00000000,00000000), ref: 0042D233
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Directory$AddressEnvironmentFolderFreeHandleKnownModulePathProcSystemTaskVariableWindows
                                                                                                            • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                            • API String ID: 3771764029-544719455
                                                                                                            • Opcode ID: 458afd9a1cda60bc5c06d2a3f17cd4b8a975594a1455dcf27ea3d462b6d04529
                                                                                                            • Instruction ID: 599f5abe96f02a195e24b8b9203061af68f55c26e596fa95a84979d127ba116b
                                                                                                            • Opcode Fuzzy Hash: 458afd9a1cda60bc5c06d2a3f17cd4b8a975594a1455dcf27ea3d462b6d04529
                                                                                                            • Instruction Fuzzy Hash: 84619134A00204ABDB10EBA5E8D2A9E7B65EB54308F90C57FE804A7396C73C9E44CF5D

                                                                                                             Control-flow Graph
                                                                                                             • Rendered graph not captured. Entry block 00423874; the basic blocks in the graph reach GetClassInfoA, RegisterClassA, GetSystemMetrics, SetWindowLongA, SendMessageA, GetSystemMenu and DeleteMenu, ending at 004239A7.
                                                                                                            APIs
                                                                                                              • Part of subcall function 0041F3C4: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDA4,?,0042388F,00423C0C,0041EDA4), ref: 0041F3E2
                                                                                                            • GetClassInfoA.USER32(00400000,0042367C), ref: 0042389F
                                                                                                            • RegisterClassA.USER32(00499630), ref: 004238B7
                                                                                                            • GetSystemMetrics.USER32(00000000), ref: 004238D9
                                                                                                            • GetSystemMetrics.USER32(00000001), ref: 004238E8
                                                                                                            • SetWindowLongA.USER32(00410460,000000FC,0042368C), ref: 00423944
                                                                                                            • SendMessageA.USER32(00410460,00000080,00000001,00000000), ref: 00423965
                                                                                                            • GetSystemMenu.USER32(00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C,0041EDA4), ref: 00423970
                                                                                                            • DeleteMenu.USER32(00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C,0041EDA4), ref: 0042397F
                                                                                                            • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 0042398C
                                                                                                            • DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,00410460,00000000,00000000,00400000,00000000,00000000,00000000), ref: 004239A2
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
                                                                                                            • String ID: |6B
                                                                                                            • API String ID: 183575631-3009739247
                                                                                                            • Opcode ID: 4cae07da4ecbd82a5ef2c5022e230c145e19d211ee6ce0cd027d67cd6f27acc7
                                                                                                            • Instruction ID: 5979ac727d64f3fe5c9a0a43452729076f54e0f9e4c251b9a4c28f9d6bed272f
                                                                                                            • Opcode Fuzzy Hash: 4cae07da4ecbd82a5ef2c5022e230c145e19d211ee6ce0cd027d67cd6f27acc7
                                                                                                            • Instruction Fuzzy Hash: E63152B17402006AEB10AF69DC82F6A37989B14709F60017BFA44EF2D7C6BDED40876D

                                                                                                            Control-flow Graph
                                                                                                            control_flow_graph 1977 47c968-47c9be call 42c3fc call 4035c0 call 47c62c call 4525d8 1986 47c9c0-47c9c5 call 453344 1977->1986 1987 47c9ca-47c9d9 call 4525d8 1977->1987 1986->1987 1991 47c9f3-47c9f9 1987->1991 1992 47c9db-47c9e1 1987->1992 1995 47ca10-47ca38 call 42e394 * 2 1991->1995 1996 47c9fb-47ca01 1991->1996 1993 47ca03-47ca0b call 403494 1992->1993 1994 47c9e3-47c9e9 1992->1994 1993->1995 1994->1991 1997 47c9eb-47c9f1 1994->1997 2003 47ca5f-47ca79 GetProcAddress 1995->2003 2004 47ca3a-47ca5a call 4078f4 call 453344 1995->2004 1996->1993 1996->1995 1997->1991 1997->1993 2005 47ca85-47caa2 call 403400 * 2 2003->2005 2006 47ca7b-47ca80 call 453344 2003->2006 2004->2003 2006->2005
                                                                                                            APIs
                                                                                                            • GetProcAddress.KERNEL32(6FDC0000,SHGetFolderPathA), ref: 0047CA6A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc
                                                                                                            • String ID: Failed to get address of SHGetFolderPath function$Failed to get version numbers of _shfoldr.dll$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$_isetup\_shfoldr.dll$ptI$shell32.dll$shfolder.dll
                                                                                                            • API String ID: 190572456-2576699960
                                                                                                            • Opcode ID: de0f38486c819f413c08132c2c10785360ce7bb1d082894e1dd7e5610f115569
                                                                                                            • Instruction ID: 1b7f257eac351b2865de88edbb479a2ab4f4c09eb1d5ad9e3bfc9d6f8503b50a
                                                                                                            • Opcode Fuzzy Hash: de0f38486c819f413c08132c2c10785360ce7bb1d082894e1dd7e5610f115569
                                                                                                            • Instruction Fuzzy Hash: 66310E70A001099BCB00EB95D5D2AEEB7B5EB44305F50847BE404F7241D778AE45CBAD

                                                                                                            Control-flow Graph
                                                                                                            control_flow_graph 2126 40631c-406336 GetModuleHandleA GetProcAddress 2127 406338 2126->2127 2128 40633f-40634c GetProcAddress 2126->2128 2127->2128 2129 406355-406362 GetProcAddress 2128->2129 2130 40634e 2128->2130 2131 406364-406366 SetProcessDEPPolicy 2129->2131 2132 406368-406369 2129->2132 2130->2129 2131->2132
                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,00498730), ref: 00406322
                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
                                                                                                            • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
                                                                                                            • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
                                                                                                            • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498730), ref: 00406366
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModulePolicyProcess
                                                                                                            • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                                                                            • API String ID: 3256987805-3653653586
                                                                                                            • Opcode ID: fb4db72500fb8039bf9e982fa136c472a352d03826636d66c2b82dec8efce00d
                                                                                                            • Instruction ID: 935c6a5f7b98c90e27654dc67135d8c1f882d2ad5d8c1b9d0efaf55941893a49
                                                                                                            • Opcode Fuzzy Hash: fb4db72500fb8039bf9e982fa136c472a352d03826636d66c2b82dec8efce00d
                                                                                                            • Instruction Fuzzy Hash: 97E02D90380702ACEA1032B20D82F3B144C9B54B69B26543B7D56B51C7D9BDDD7059BD
                                                                                                            APIs
                                                                                                            • SetWindowLongA.USER32(?,000000FC,?), ref: 00413664
                                                                                                            • GetWindowLongA.USER32(?,000000F0), ref: 0041366F
                                                                                                            • GetWindowLongA.USER32(?,000000F4), ref: 00413681
                                                                                                            • SetWindowLongA.USER32(?,000000F4,?), ref: 00413694
                                                                                                            • SetPropA.USER32(?,00000000,00000000), ref: 004136AB
                                                                                                            • SetPropA.USER32(?,00000000,00000000), ref: 004136C2
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LongWindow$Prop
                                                                                                            • String ID: 3A$yA
                                                                                                            • API String ID: 3887896539-3278460822
                                                                                                            • Opcode ID: d9856cee796f57cc1685d9958f98130356579251106e4d85d69cc018d86e5275
                                                                                                            • Instruction ID: bcb4e109f9bb3244d1d15a250a8b19338fc20a7c4ef9bfc7c396c8b3ff51cb63
                                                                                                            • Opcode Fuzzy Hash: d9856cee796f57cc1685d9958f98130356579251106e4d85d69cc018d86e5275
                                                                                                            • Instruction Fuzzy Hash: 8C22D06508E3C05FE31B9B74896A5D57FA0EE13325B1D45DFC4C28B1A3D21E8A8BC71A

                                                                                                            Control-flow Graph
                                                                                                            control_flow_graph 2265 42f560-42f56a 2266 42f574-42f5b1 call 402b30 GetActiveWindow GetFocus call 41eea4 2265->2266 2267 42f56c-42f56f call 402d30 2265->2267 2273 42f5c3-42f5cb 2266->2273 2274 42f5b3-42f5bd RegisterClassA 2266->2274 2267->2266 2275 42f652-42f66e SetFocus call 403400 2273->2275 2276 42f5d1-42f602 CreateWindowExA 2273->2276 2274->2273 2276->2275 2278 42f604-42f648 call 42427c call 403738 CreateWindowExA 2276->2278 2278->2275 2284 42f64a-42f64d ShowWindow 2278->2284 2284->2275
                                                                                                            APIs
                                                                                                            • GetActiveWindow.USER32 ref: 0042F58F
                                                                                                            • GetFocus.USER32 ref: 0042F597
                                                                                                            • RegisterClassA.USER32(004997AC), ref: 0042F5B8
                                                                                                            • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,0042F68C,88000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0042F5F6
                                                                                                            • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000), ref: 0042F63C
                                                                                                            • ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042F64D
                                                                                                            • SetFocus.USER32(00000000,00000000,0042F66F,?,?,?,00000001,00000000,?,004581A2,00000000,0049B628), ref: 0042F654
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$CreateFocus$ActiveClassRegisterShow
                                                                                                            • String ID: TWindowDisabler-Window
                                                                                                            • API String ID: 3167913817-1824977358
                                                                                                            • Opcode ID: af2d58cb1d61aa5294d5b80584b5773ea49d3efeec85bd27a4eae10aec25b275
                                                                                                            • Instruction ID: c3989f54cd535b42bfd745bd8d6279a550c1ea008e6f4be51b2d228796931bcd
                                                                                                            • Opcode Fuzzy Hash: af2d58cb1d61aa5294d5b80584b5773ea49d3efeec85bd27a4eae10aec25b275
                                                                                                            • Instruction Fuzzy Hash: B021A170740710BAE310EF66AD43F1A76B8EB04B44F91853BF604AB2E1D7B86D0586AD

                                                                                                            Control-flow Graph
                                                                                                            control_flow_graph 2285 4531f0-453241 GetModuleHandleA GetProcAddress GetModuleHandleA GetProcAddress 2286 453243-45324a 2285->2286 2287 45324c-45324e 2285->2287 2286->2287 2288 453250 2286->2288 2289 453252-453288 call 42e394 call 42e8c8 call 403400 2287->2289 2288->2289
                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 00453210
                                                                                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 0045322A
                                                                                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                                                            • API String ID: 1646373207-2130885113
                                                                                                            • Opcode ID: 460e23cb00cf3424ad6d0c49a1f828097ca48bff1b05d8589e040c86aeca4b16
                                                                                                            • Instruction ID: 0cfad7ca53bf4133c716031d63a26ec494c9be7874946ed143d2344feace3e75
                                                                                                            • Opcode Fuzzy Hash: 460e23cb00cf3424ad6d0c49a1f828097ca48bff1b05d8589e040c86aeca4b16
                                                                                                            • Instruction Fuzzy Hash: 9F01D870240B04BED3016F63AD12F563A58E755B5BF5044BBFC1496582C77C4A088EAD
                                                                                                            APIs
                                                                                                            • SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 00467097
                                                                                                            • ExtractIconA.SHELL32(00400000,00000000,?), ref: 004670BD
                                                                                                              • Part of subcall function 00466F34: DrawIconEx.USER32(00000000,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000003), ref: 00466FCC
                                                                                                              • Part of subcall function 00466F34: DestroyCursor.USER32(00000000), ref: 00466FE2
                                                                                                            • ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 00467114
                                                                                                            • SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 00467175
                                                                                                            • ExtractIconA.SHELL32(00400000,00000000,?), ref: 0046719B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Icon$Extract$FileInfo$CursorDestroyDraw
                                                                                                            • String ID: c:\directory$shell32.dll
                                                                                                            • API String ID: 3376378930-1375355148
                                                                                                            • Opcode ID: 6d041171d1007e38f1423e999fca6c8345fae3a72a3914b9ee39d1bb44a6fd6f
                                                                                                            • Instruction ID: 28e44f0b0ade20fd2fa41990bb26b25d2b6273e6e4b8387af8825f96a0abaac4
                                                                                                            • Opcode Fuzzy Hash: 6d041171d1007e38f1423e999fca6c8345fae3a72a3914b9ee39d1bb44a6fd6f
                                                                                                            • Instruction Fuzzy Hash: 65517E70604204AFD710DF65CD89FDFB7E8EB49308F1081A7F8089B351D6389E81CA69
                                                                                                            APIs
                                                                                                            • RegisterClipboardFormatA.USER32(commdlg_help), ref: 00430948
                                                                                                            • RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 00430957
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00430971
                                                                                                            • GlobalAddAtomA.KERNEL32(00000000), ref: 00430992
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
                                                                                                            • String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
                                                                                                            • API String ID: 4130936913-2943970505
                                                                                                            • Opcode ID: 8a088dfdc0b2c62b7d21c5c596ec815df7ae76573c78c741c8a86d6eee6cb681
                                                                                                            • Instruction ID: 0bd92e6c8c1c5a5b8444157758b44b4e11dae02c37acc47d2edddbd1fb793b69
                                                                                                            • Opcode Fuzzy Hash: 8a088dfdc0b2c62b7d21c5c596ec815df7ae76573c78c741c8a86d6eee6cb681
                                                                                                            • Instruction Fuzzy Hash: 22F012B0458340DEE300EB65994271E7BD0EF58718F50467FF498A6392D7795904CB5F
                                                                                                            APIs
                                                                                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,00472199,?,00000000,?,0049C1DC,00000000,00472389,?,00000000,?,00000000,?,00472555), ref: 00472175
                                                                                                            • FindClose.KERNEL32(000000FF,004721A0,00472199,?,00000000,?,0049C1DC,00000000,00472389,?,00000000,?,00000000,?,00472555,?), ref: 00472193
                                                                                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,004722BB,?,00000000,?,0049C1DC,00000000,00472389,?,00000000,?,00000000,?,00472555), ref: 00472297
                                                                                                            • FindClose.KERNEL32(000000FF,004722C2,004722BB,?,00000000,?,0049C1DC,00000000,00472389,?,00000000,?,00000000,?,00472555,?), ref: 004722B5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$CloseFileNext
                                                                                                            • String ID: &&G$&&G
                                                                                                            • API String ID: 2066263336-852616326
                                                                                                            • Opcode ID: 53d573c3283eea8276722ae00e783839c534cad26cf1d76589be1e10efaeed4f
                                                                                                            • Instruction ID: 5d8f9e8498e1fb85c1a49ff99105bc28d4ff0fd985b73b461b66a4ef7da0b053
                                                                                                            • Opcode Fuzzy Hash: 53d573c3283eea8276722ae00e783839c534cad26cf1d76589be1e10efaeed4f
                                                                                                            • Instruction Fuzzy Hash: F0C14C3490424D9FCF11DFA5C981BDEBBB9FF09304F5085AAE908A3291D7789A45CF64
                                                                                                            APIs
                                                                                                            • GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0045522C,0045522C,?,0045522C,00000000), ref: 004551BA
                                                                                                            • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,0045522C,0045522C,?,0045522C), ref: 004551C7
                                                                                                              • Part of subcall function 00454F7C: WaitForInputIdle.USER32(?,00000032), ref: 00454FA8
                                                                                                              • Part of subcall function 00454F7C: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00454FCA
                                                                                                              • Part of subcall function 00454F7C: GetExitCodeProcess.KERNEL32(?,?), ref: 00454FD9
                                                                                                              • Part of subcall function 00454F7C: CloseHandle.KERNEL32(?,00455006,00454FFF,?,?,?,00000000,?,?,004551DB,?,?,?,00000044,00000000,00000000), ref: 00454FF9
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
                                                                                                            • String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
                                                                                                            • API String ID: 854858120-615399546
                                                                                                            • Opcode ID: d48cb867d8132222f58630969ce6cc8153310e3eaa120555069058459d823a95
                                                                                                            • Instruction ID: 058baa7e90e176347c833b132b7c272bf8058e823d6e061bdbf2f6311869cd9e
                                                                                                            • Opcode Fuzzy Hash: d48cb867d8132222f58630969ce6cc8153310e3eaa120555069058459d823a95
                                                                                                            • Instruction Fuzzy Hash: 41516D34B0074DABCF10EFA5D852BDEBBB9AF44305F50447BB804B7292D7789A098B59
                                                                                                            APIs
                                                                                                            • LoadIconA.USER32(00400000,MAINICON), ref: 0042371C
                                                                                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 00423749
                                                                                                            • OemToCharA.USER32(?,?), ref: 0042375C
                                                                                                            • CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 0042379C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Char$FileIconLoadLowerModuleName
                                                                                                            • String ID: 2$MAINICON
                                                                                                            • API String ID: 3935243913-3181700818
                                                                                                            • Opcode ID: a0d1a492a3e1df344d79b5ede7937f80cf878dadafa44837ceada302c6d607ca
                                                                                                            • Instruction ID: 339a64ebbf2375270c19ef2cfa2d714624ee8dcb7e06b01b5ae6522dc3b50067
                                                                                                            • Opcode Fuzzy Hash: a0d1a492a3e1df344d79b5ede7937f80cf878dadafa44837ceada302c6d607ca
                                                                                                            • Instruction Fuzzy Hash: 243181B0A042549ADF10EF29D8C57C67BA8AF14308F4441BAE844DB393D7BED988CB59
                                                                                                            APIs
                                                                                                            • GetCurrentProcessId.KERNEL32(00000000), ref: 00418F3D
                                                                                                            • GlobalAddAtomA.KERNEL32(00000000), ref: 00418F5E
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00418F79
                                                                                                            • GlobalAddAtomA.KERNEL32(00000000), ref: 00418F9A
                                                                                                              • Part of subcall function 004230C8: GetDC.USER32(00000000), ref: 0042311E
                                                                                                              • Part of subcall function 004230C8: EnumFontsA.GDI32(00000000,00000000,00423068,00410460,00000000,?,?,00000000,?,00418FD3,00000000,?,?,?,00000001), ref: 00423131
                                                                                                              • Part of subcall function 004230C8: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423139
                                                                                                              • Part of subcall function 004230C8: ReleaseDC.USER32(00000000,00000000), ref: 00423144
                                                                                                              • Part of subcall function 0042368C: LoadIconA.USER32(00400000,MAINICON), ref: 0042371C
                                                                                                              • Part of subcall function 0042368C: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 00423749
                                                                                                              • Part of subcall function 0042368C: OemToCharA.USER32(?,?), ref: 0042375C
                                                                                                              • Part of subcall function 0042368C: CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FE6,00000000,?,?,?,00000001), ref: 0042379C
                                                                                                              • Part of subcall function 0041F118: GetVersion.KERNEL32(?,00418FF0,00000000,?,?,?,00000001), ref: 0041F126
                                                                                                              • Part of subcall function 0041F118: SetErrorMode.KERNEL32(00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F142
                                                                                                              • Part of subcall function 0041F118: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F14E
                                                                                                              • Part of subcall function 0041F118: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F15C
                                                                                                              • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F18C
                                                                                                              • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1B5
                                                                                                              • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1CA
                                                                                                              • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1DF
                                                                                                              • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1F4
                                                                                                              • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F209
                                                                                                              • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F21E
                                                                                                              • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F233
                                                                                                              • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F248
                                                                                                              • Part of subcall function 0041F118: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F25D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$CapsDeviceEnumFileFontsIconLibraryLowerModuleNameProcessReleaseThreadVersion
                                                                                                            • String ID: ControlOfs%.8X%.8X$Delphi%.8X
                                                                                                            • API String ID: 316262546-2767913252
                                                                                                            • Opcode ID: b417f06b73a7dba032b12b865c8ed9bc6bb92a8bfb887f153b822e9fb73695be
                                                                                                            • Instruction ID: d883a59e21ed3b4d0722d018b4a025de81f9e45e1fd093e44b5ebaba0e30331f
                                                                                                            • Opcode Fuzzy Hash: b417f06b73a7dba032b12b865c8ed9bc6bb92a8bfb887f153b822e9fb73695be
                                                                                                            • Instruction Fuzzy Hash: AC115E706142419AD740FF76A94235A7BE1DF64308F40943FF448A7391DB3DA9448B5F
                                                                                                            APIs
                                                                                                            • SetWindowLongA.USER32(?,000000FC,?), ref: 00413664
                                                                                                            • GetWindowLongA.USER32(?,000000F0), ref: 0041366F
                                                                                                            • GetWindowLongA.USER32(?,000000F4), ref: 00413681
                                                                                                            • SetWindowLongA.USER32(?,000000F4,?), ref: 00413694
                                                                                                            • SetPropA.USER32(?,00000000,00000000), ref: 004136AB
                                                                                                            • SetPropA.USER32(?,00000000,00000000), ref: 004136C2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LongWindow$Prop
                                                                                                            • String ID:
                                                                                                            • API String ID: 3887896539-0
                                                                                                            • Opcode ID: 7846fecbe383e6d7fdaea4169180c186d89bab15e88d328ea810806c298c4441
                                                                                                            • Instruction ID: 06abc153636d574f2b9d5b42ed2ef1d3d1989bf2b09c04f5b7aa0ee96fd2bcf7
                                                                                                            • Opcode Fuzzy Hash: 7846fecbe383e6d7fdaea4169180c186d89bab15e88d328ea810806c298c4441
                                                                                                            • Instruction Fuzzy Hash: 1011C975100244BFEF00DF9DDC84EDA37E8EB19364F144666B958DB2A2D738DD908B68
                                                                                                            APIs
                                                                                                              • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,0045586F,?,00000000,004558AF), ref: 004557B5
                                                                                                            Strings
                                                                                                            • PendingFileRenameOperations2, xrefs: 00455784
                                                                                                            • PendingFileRenameOperations, xrefs: 00455754
                                                                                                            • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455738
                                                                                                            • WININIT.INI, xrefs: 004557E4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseOpen
                                                                                                            • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
                                                                                                            • API String ID: 47109696-2199428270
                                                                                                            • Opcode ID: ff5e046778063e7c615d5c8ac9a6b1d801ca0d933ef60992733312df31d3558f
                                                                                                            • Instruction ID: 0fa1da25f67206326559771d92c7e47b52ca8d856d575cc5f046ac455f5bab2a
                                                                                                            • Opcode Fuzzy Hash: ff5e046778063e7c615d5c8ac9a6b1d801ca0d933ef60992733312df31d3558f
                                                                                                            • Instruction Fuzzy Hash: FF51A974E006089FDB10EF61DC51AEEB7B9EF44305F50857BEC04A7292DB78AE49CA58
                                                                                                            APIs
                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,0047C7DA,?,?,00000000,0049B628,00000000,00000000,?,004980A9,00000000,00498252,?,00000000), ref: 0047C717
                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00000000,0047C7DA,?,?,00000000,0049B628,00000000,00000000,?,004980A9,00000000,00498252,?,00000000), ref: 0047C720
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                                            • String ID: Created temporary directory: $\_setup64.tmp$_isetup
                                                                                                            • API String ID: 1375471231-2952887711
                                                                                                            • Opcode ID: 3f7519f2dbd75ec89759c5e36ccc4ab0adc05f47ddd4608262a1c5d06c660367
                                                                                                            • Instruction ID: edb20439a36284776f78bdf2a161e381ec1662189dfb35441dcb715623f8c11f
                                                                                                            • Opcode Fuzzy Hash: 3f7519f2dbd75ec89759c5e36ccc4ab0adc05f47ddd4608262a1c5d06c660367
                                                                                                            • Instruction Fuzzy Hash: 6F410574A001099BDB01EBA5D8C2ADEB7B5EF44309F50547BE411B7392DB389E058F69
                                                                                                            APIs
                                                                                                            • 751C1520.VERSION(00000000,?,?,?,ptI), ref: 00452530
                                                                                                            • 751C1500.VERSION(00000000,?,00000000,?,00000000,004525AB,?,00000000,?,?,?,ptI), ref: 0045255D
                                                                                                            • 751C1540.VERSION(?,004525D4,?,?,00000000,?,00000000,?,00000000,004525AB,?,00000000,?,?,?,ptI), ref: 00452577
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: C1500C1520C1540
                                                                                                            • String ID: ptI$%E
                                                                                                            • API String ID: 1315064709-3209181666
                                                                                                            • Opcode ID: f18440ec30d6a8502c14f0dca7f1c7caee1af709ad5b943411f89d38bbe9f821
                                                                                                            • Instruction ID: f5dca5bfdad9659449235e2d7a4f424f1fde127461be4d93bb02e754cc996b3f
                                                                                                            • Opcode Fuzzy Hash: f18440ec30d6a8502c14f0dca7f1c7caee1af709ad5b943411f89d38bbe9f821
                                                                                                            • Instruction Fuzzy Hash: D2218331A00608BFDB01DAA989519AFB7FCEB4A300F554477F800E7242E6B9AE04C765
                                                                                                            APIs
                                                                                                            • EnumWindows.USER32(00423A1C), ref: 00423AA8
                                                                                                            • GetWindow.USER32(?,00000003), ref: 00423ABD
                                                                                                            • GetWindowLongA.USER32(?,000000EC), ref: 00423ACC
                                                                                                            • SetWindowPos.USER32(00000000,\AB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241AB,?,?,00423D73), ref: 00423B02
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$EnumLongWindows
                                                                                                            • String ID: \AB
                                                                                                            • API String ID: 4191631535-3948367934
                                                                                                            • Opcode ID: bca5fbb655e429c390612aedafb62b4dde642c29ff44978b36ddb9eb5ee27a78
                                                                                                            • Instruction ID: 3ad81c14f5822e14e615a382c86082b2427cd388a5bf15486a3129e996868218
                                                                                                            • Opcode Fuzzy Hash: bca5fbb655e429c390612aedafb62b4dde642c29ff44978b36ddb9eb5ee27a78
                                                                                                            • Instruction Fuzzy Hash: D6115E70700610ABDB109F28E885F5677E8EB08715F10026AF994AB2E3C378ED41CB59
                                                                                                            APIs
                                                                                                            • RegDeleteKeyA.ADVAPI32(00000000,00000000), ref: 0042DE50
                                                                                                            • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042DFEB,00000000,0042E003,?,?,?,?,00000006,?,00000000,004973CD), ref: 0042DE6B
                                                                                                            • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DE71
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressDeleteHandleModuleProc
                                                                                                            • String ID: RegDeleteKeyExA$advapi32.dll
                                                                                                            • API String ID: 588496660-1846899949
                                                                                                            • Opcode ID: ed1542cdc99e60fdc1e6205037aed1b156b4601bf62b1d4fa5b097ff81e7402e
                                                                                                            • Instruction ID: e7246de0df94fba710dd2820c0ca51643d5dd29c3ac0bea476bad59fd0e01b91
                                                                                                            • Opcode Fuzzy Hash: ed1542cdc99e60fdc1e6205037aed1b156b4601bf62b1d4fa5b097ff81e7402e
                                                                                                            • Instruction Fuzzy Hash: 73E06DF1B41B30AAD72022657C8ABA33729DB75365F658437F105AD19183FC2C50CE9D
                                                                                                            Strings
                                                                                                            • NextButtonClick, xrefs: 0046BAC0
                                                                                                            • PrepareToInstall failed: %s, xrefs: 0046BCE2
                                                                                                            • Need to restart Windows? %s, xrefs: 0046BD09
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Need to restart Windows? %s$NextButtonClick$PrepareToInstall failed: %s
                                                                                                            • API String ID: 0-2329492092
                                                                                                            • Opcode ID: 37ba51fdfbf3f4723fb08e99647d0fd9c61c097c060f23ffe4e001e6baa90b0a
                                                                                                            • Instruction ID: b95f389d09e957f91eb9f42d110418d47b08b3dab155efeebd7a2a0376f7d9ee
                                                                                                            • Opcode Fuzzy Hash: 37ba51fdfbf3f4723fb08e99647d0fd9c61c097c060f23ffe4e001e6baa90b0a
                                                                                                            • Instruction Fuzzy Hash: F2D12F34A04208DFCB10EBA9D585AED77F5EF09304F5440BAE404EB352D779AE81DB9A
                                                                                                            APIs
                                                                                                            • SetActiveWindow.USER32(?,?,00000000,00482EB9), ref: 00482C8C
                                                                                                            • SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 00482D2A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ActiveChangeNotifyWindow
                                                                                                            • String ID: $Need to restart Windows? %s
                                                                                                            • API String ID: 1160245247-4200181552
                                                                                                            • Opcode ID: 81628947227ec58f55b2c351f2131b28aedfbb6b6148b8ba4744526014514c8c
                                                                                                            • Instruction ID: 086790f0fc0b942e3ee9f07944933bacbb32a26cbddea002bc31c7aef2919c1b
                                                                                                            • Opcode Fuzzy Hash: 81628947227ec58f55b2c351f2131b28aedfbb6b6148b8ba4744526014514c8c
                                                                                                            • Instruction Fuzzy Hash: 60919F746002449FDB10FB69D9C5BAE7BE5AF59304F4484BBE8009B3A2C7B8AD05CB5D
                                                                                                            APIs
                                                                                                              • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
                                                                                                            • GetLastError.KERNEL32(00000000,0046FB4D,?,?,0049C1DC,00000000), ref: 0046FA2A
                                                                                                            • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046FAA4
                                                                                                            • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046FAC9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ChangeNotify$ErrorFullLastNamePath
                                                                                                            • String ID: Creating directory: %s
                                                                                                            • API String ID: 2451617938-483064649
                                                                                                            • Opcode ID: d5447365283b068e30203d66d8a9de4eaa18c1a3b89182fdc70a83f7754103f0
                                                                                                            • Instruction ID: 553d0e02451aea180b77d3c3bea8b04784d1aec5cd58197de2500155b30451aa
                                                                                                            • Opcode Fuzzy Hash: d5447365283b068e30203d66d8a9de4eaa18c1a3b89182fdc70a83f7754103f0
                                                                                                            • Instruction Fuzzy Hash: E5516474E00248ABDB00DFA5D992BDEB7F5AF49304F50847AE850B7386D7786E08CB59
                                                                                                            APIs
                                                                                                            • GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 00454E82
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,00454F48), ref: 00454EEC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressByteCharMultiProcWide
                                                                                                            • String ID: SfcIsFileProtected$sfc.dll
                                                                                                            • API String ID: 2508298434-591603554
                                                                                                            • Opcode ID: b2872c537cb6cd03ad7726ff2c2bd0a0e2fc6763cd0da9df413ff005d177c2bc
                                                                                                            • Instruction ID: 0183ab2a96bad10459dc7acb776d15a29b7b4c70eaa7773bbc3cb8db3249cf06
                                                                                                            • Opcode Fuzzy Hash: b2872c537cb6cd03ad7726ff2c2bd0a0e2fc6763cd0da9df413ff005d177c2bc
                                                                                                            • Instruction Fuzzy Hash: 1A419771A042189BEB20DB59DC85B9DB7B8EB4430DF5041B7E908A7293D7785F88CE1C
APIs
• SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDC5
  • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
  • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
  • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
• GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA8
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: AddressAutoCompleteDirectoryErrorLibraryLoadModeProcSystem
• String ID: SHAutoComplete$shlwapi.dll
• API String ID: 395431579-1506664499
• Opcode ID: 9bc7ff361d258be52dd27e2f74bcf33eed5b2b299b3a40fb55461f8ad11e2a91
• Instruction ID: e807f919b0f5f47641bb36d66eaae5ab4e0d2818c3cb02d7dc2bc8906116ae4e
• Opcode Fuzzy Hash: 9bc7ff361d258be52dd27e2f74bcf33eed5b2b299b3a40fb55461f8ad11e2a91
• Instruction Fuzzy Hash: 3311A330B00319BBD711EB62FD85B8E7BA8DB55704F90447BF40066291DBB8AE05C65D
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,00455A7B,?,00000001,00000000), ref: 00455A6E
Strings
• SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455A1C
• PendingFileRenameOperations, xrefs: 00455A40
• PendingFileRenameOperations2, xrefs: 00455A4F
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CloseOpen
• String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
• API String ID: 47109696-2115312317
• Opcode ID: 9558350f34ddeb35ff12a6c57317cf96059e68c4625077236ac43c80a8283c08
• Instruction ID: e9356c19d9a7d2c1b22529064790e486fb2be540b5bf165494b3782c633fa2c0
• Opcode Fuzzy Hash: 9558350f34ddeb35ff12a6c57317cf96059e68c4625077236ac43c80a8283c08
• Instruction Fuzzy Hash: A3F0F671304A08BFDB04D661DC62A3B739CE744725FB08167F800CB682EA7CBD04915C
APIs
• FindNextFileA.KERNEL32(000000FF,?,?,?,?,00000000,0047F9D5,?,00000000,00000000,?,?,00480C2B,?,?,00000000), ref: 0047F882
• FindClose.KERNEL32(000000FF,000000FF,?,?,?,?,00000000,0047F9D5,?,00000000,00000000,?,?,00480C2B,?,?), ref: 0047F88F
• FindNextFileA.KERNEL32(000000FF,?,00000000,0047F9A8,?,?,?,?,00000000,0047F9D5,?,00000000,00000000,?,?,00480C2B), ref: 0047F984
• FindClose.KERNEL32(000000FF,0047F9AF,0047F9A8,?,?,?,?,00000000,0047F9D5,?,00000000,00000000,?,?,00480C2B,?), ref: 0047F9A2
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Find$CloseFileNext
• String ID:
• API String ID: 2066263336-0
• Opcode ID: d71ed79f5e3cae8dbdb8f9366932315e37cb591a7859d28a8b9a768ac6bf17e9
• Instruction ID: 945984253e7709c97adc8e2d755cc1877c70959f01d2b28a808f8207dce1d898
• Opcode Fuzzy Hash: d71ed79f5e3cae8dbdb8f9366932315e37cb591a7859d28a8b9a768ac6bf17e9
• Instruction Fuzzy Hash: FD513E71900648AFCB20EF65CC45ADEB7B8EB88315F1084BAA418E7351D7389F89CF55
APIs
• GetMenu.USER32(00000000), ref: 00421361
• SetMenu.USER32(00000000,00000000), ref: 0042137E
• SetMenu.USER32(00000000,00000000), ref: 004213B3
• SetMenu.USER32(00000000,00000000), ref: 004213CF
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Menu
• String ID:
• API String ID: 3711407533-0
• Opcode ID: 011238806e8749de4259267c2425fab43e1a23b2a7ed20fe69ece2c0c4e48eae
• Instruction ID: 68e231870b0c3442489bede8fdcf2aa1db34e154331db007d9f14f65c1163b63
• Opcode Fuzzy Hash: 011238806e8749de4259267c2425fab43e1a23b2a7ed20fe69ece2c0c4e48eae
• Instruction Fuzzy Hash: 4641AE3070425447EB20EA3AA9857AB36925B20308F4841BFFC40DF7A3CA7CDD45839D
APIs
• SendMessageA.USER32(?,?,?,?), ref: 00416B84
• SetTextColor.GDI32(?,00000000), ref: 00416B9E
• SetBkColor.GDI32(?,00000000), ref: 00416BB8
• CallWindowProcA.USER32(?,?,?,?,?), ref: 00416BE0
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Color$CallMessageProcSendTextWindow
• String ID:
• API String ID: 601730667-0
• Opcode ID: 072521f5090f240ceba025e33949739ce14f97652003165ca459573163e57643
• Instruction ID: 4ea48ea5c9b96bae81565ca4ce64eb356f32bd46963e120bc97d04dec40f2685
• Opcode Fuzzy Hash: 072521f5090f240ceba025e33949739ce14f97652003165ca459573163e57643
• Instruction Fuzzy Hash: BC115171705604AFD710EE6ECC84E8777ECEF49310715887EB959CB612C638F8418B69
APIs
• WaitForInputIdle.USER32(?,00000032), ref: 00454FA8
• MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00454FCA
• GetExitCodeProcess.KERNEL32(?,?), ref: 00454FD9
• CloseHandle.KERNEL32(?,00455006,00454FFF,?,?,?,00000000,?,?,004551DB,?,?,?,00000044,00000000,00000000), ref: 00454FF9
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
• String ID:
• API String ID: 4071923889-0
• Opcode ID: 7a90289248fc1b73338e990bec893a2b2f0b3f31367c070c083f3916a619ed36
• Instruction ID: ea90b2abd28d60bbe0c33bbe6d7a83e36ef454db8471bda6b5c19e9a906557d9
• Opcode Fuzzy Hash: 7a90289248fc1b73338e990bec893a2b2f0b3f31367c070c083f3916a619ed36
• Instruction Fuzzy Hash: B9012D31A006097FEB1097AA8C02F6FBBECDF49764F610127F904D72C2C5788D409A78
APIs
• GetDC.USER32(00000000), ref: 0042311E
• EnumFontsA.GDI32(00000000,00000000,00423068,00410460,00000000,?,?,00000000,?,00418FD3,00000000,?,?,?,00000001), ref: 00423131
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00423139
• ReleaseDC.USER32(00000000,00000000), ref: 00423144
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CapsDeviceEnumFontsRelease
• String ID:
• API String ID: 2698912916-0
• Opcode ID: ae3b46bdf4144dece9088701a44aa945a4d7eb571b2044da6dc5baa79edeb2ca
• Instruction ID: a9d24610abdaa6694e735d00c6d38f20457f2ac5f1468c421a1b182fb2ef8db9
• Opcode Fuzzy Hash: ae3b46bdf4144dece9088701a44aa945a4d7eb571b2044da6dc5baa79edeb2ca
• Instruction Fuzzy Hash: 8D01CC716042102AE700BF6A5C82B9B3AA49F01319F40027BF808AA3C6DA7E980547AE
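The function records above are Joe Sandbox's per-function listing: an "APIs" block with one call per line (nested "Part of subcall function" lines for calls made from helpers), optional "Strings" xrefs, the memory-dump provenance, and a "Similarity" block whose "API String ID" pair is what the sandbox hashes for cross-report matching. The parser below is an added example, not part of this report and not Joe Sandbox code; it assumes the plain-text layout shown here (bullet-prefixed lines, eight-digit hex addresses after `ref:` / `xrefs:`) and uses as input two records excerpted from this page and trimmed. It pulls out two things worth having in structured form when triaging a sample like this one: export names resolved at run time through GetProcAddress (APIs that never appear in the import table, here `SfcIsFileProtected`) and registry paths referenced by string or by RegOpenKey argument.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: two function records excerpted from the listing above and
# trimmed (the "Associated" lines are dropped). Not a real report file.
SAMPLE = r"""
APIs
• GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 00454E82
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,00454F48), ref: 00454EEC
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AddressByteCharMultiProcWide
• String ID: SfcIsFileProtected$sfc.dll
• API String ID: 2508298434-591603554
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,00455A7B,?,00000001,00000000), ref: 00455A6E
Strings
• SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00455A1C
• PendingFileRenameOperations, xrefs: 00455A40
• PendingFileRenameOperations2, xrefs: 00455A4F
Similarity
• API ID: CloseOpen
• String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
• API String ID: 47109696-2115312317
"""

SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
API_RE = re.compile(r"^•\s*(?:Part of subcall function ([0-9A-Fa-f]{8}):\s*)?"
                    r"(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]{8})$")
STRING_RE = re.compile(r"^•\s*(.*?),\s*xrefs:\s*([0-9A-Fa-f]{8})$")
KV_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")

@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int                          # address of the call instruction
    subcall_of: Optional[int] = None  # helper address when listed as "Part of subcall"

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)     # (text, xref address)
    similarity: dict = field(default_factory=dict)  # "API ID", "String ID", "API String ID", ...
    source_file: str = ""

def parse_records(text):
    """Split the listing into one FunctionRecord per 'APIs' block."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":                      # every record starts with its API list
            current, section = FunctionRecord(), "APIs"
            records.append(current)
        elif line in SECTION_HEADERS:
            section = line
        elif current is None:
            continue
        elif section == "APIs" and (m := API_RE.match(line)):
            sub, name, module, args, ref = m.groups()
            current.apis.append(ApiCall(name, module, args.split(",") if args else [],
                                        int(ref, 16), int(sub, 16) if sub else None))
        elif section == "Strings" and (m := STRING_RE.match(line)):
            current.strings.append((m.group(1), int(m.group(2), 16)))
        elif section == "Similarity" and (m := KV_RE.match(line)):
            current.similarity[m.group(1)] = m.group(2)
        elif section == "Memory Dump Source" and (m := KV_RE.match(line)):
            if m.group(1) == "Source File":     # keep the dump name, drop ", Offset: ..."
                current.source_file = m.group(2).split(",")[0]
    return records

def dynamic_resolutions(records):
    """Export names resolved at run time via GetProcAddress(hModule, name)."""
    return [c.args[1] for r in records for c in r.apis
            if c.name == "GetProcAddress" and len(c.args) > 1 and c.args[1] not in ("?", "00000000")]

def registry_paths(records):
    """Registry paths seen as string xrefs or as RegOpenKey* arguments."""
    paths = {t for r in records for t, _ in r.strings if "\\" in t}
    paths |= {a for r in records for c in r.apis if c.name.startswith("RegOpenKey")
              for a in c.args if "\\" in a}
    return sorted(paths)

def api_string_ids(records):
    """The (API ID hash, String ID hash) pair Joe Sandbox uses for similarity matching."""
    pairs = []
    for r in records:
        if "API String ID" in r.similarity:
            a, b = r.similarity["API String ID"].split("-")
            pairs.append((int(a), int(b)))
    return pairs

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(len(recs), "records")
    print("resolved at run time:", dynamic_resolutions(recs))
    print("registry paths:", registry_paths(recs))
    print("API/String IDs:", api_string_ids(recs))
```

Run over a full report, `dynamic_resolutions` gives the list of APIs the binary hides from static import analysis, and `api_string_ids` yields the hash pairs to compare against other reports of the same family; the `subcall_of` field keeps helper calls separate from a function's own calls so the two are not conflated when building per-function fingerprints.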
                                                                                                            APIs
                                                                                                            • RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                                            • LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                            • String ID:
                                                                                                            • API String ID: 730355536-0
                                                                                                            • Opcode ID: 46a689739c098c0829933ff4921327776432a14e69d4c62b65241a59cfc7f4a2
                                                                                                            • Instruction ID: 91310e2de28581c92a9b529d79901d52005bdf0b1253609ef7109df0d78d257f
                                                                                                            • Opcode Fuzzy Hash: 46a689739c098c0829933ff4921327776432a14e69d4c62b65241a59cfc7f4a2
                                                                                                            • Instruction Fuzzy Hash: D001A1706482409EE719AB69BA467253FD4D795B48F11803BF840A6BF3C77C4440EBAD
                                                                                                            APIs
                                                                                                              • Part of subcall function 0045092C: SetEndOfFile.KERNEL32(?,?,0045C192,00000000,0045C31D,?,00000000,00000002,00000002), ref: 00450933
                                                                                                            • FlushFileBuffers.KERNEL32(?), ref: 0045C2E9
                                                                                                            Strings
                                                                                                            • EndOffset range exceeded, xrefs: 0045C21D
                                                                                                            • NumRecs range exceeded, xrefs: 0045C1E6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$BuffersFlush
                                                                                                            • String ID: EndOffset range exceeded$NumRecs range exceeded
                                                                                                            • API String ID: 3593489403-659731555
                                                                                                            • Opcode ID: 8bf98c9d60884cf3bb303afe6a2d902a3b8c4cda653ee0cbd8c8d24135a36091
                                                                                                            • Instruction ID: 054e4d8252a4b7fe708e1d13fc1942b3136e6dcde41ac9beef610e5760cb7d56
                                                                                                            • Opcode Fuzzy Hash: 8bf98c9d60884cf3bb303afe6a2d902a3b8c4cda653ee0cbd8c8d24135a36091
                                                                                                            • Instruction Fuzzy Hash: D3615434A002588FDB25DF25D881AD9B7B5AF49305F0084DAED89AB353D774AEC8CF54
                                                                                                            APIs
                                                                                                              • Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,00498726), ref: 0040334B
                                                                                                              • Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,00498726), ref: 00403356
                                                                                                              • Part of subcall function 0040631C: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498730), ref: 00406322
                                                                                                              • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
                                                                                                              • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
                                                                                                              • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
                                                                                                              • Part of subcall function 0040631C: SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498730), ref: 00406366
                                                                                                              • Part of subcall function 004063C4: 6F9C1CD0.COMCTL32(00498735), ref: 004063C4
                                                                                                              • Part of subcall function 00410764: GetCurrentThreadId.KERNEL32 ref: 004107B2
                                                                                                              • Part of subcall function 00419040: GetVersion.KERNEL32(0049874E), ref: 00419040
                                                                                                              • Part of subcall function 0044F744: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00498762), ref: 0044F77F
                                                                                                              • Part of subcall function 0044F744: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
                                                                                                              • Part of subcall function 0044FC10: GetVersionExA.KERNEL32(0049B790,00498767), ref: 0044FC1F
                                                                                                              • Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 00453210
                                                                                                              • Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
                                                                                                              • Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 0045322A
                                                                                                              • Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
                                                                                                              • Part of subcall function 00456F00: GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 00456F24
                                                                                                              • Part of subcall function 00464468: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,0049878A), ref: 00464477
                                                                                                              • Part of subcall function 00464468: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 0046447D
                                                                                                              • Part of subcall function 0046CC64: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CC79
                                                                                                              • Part of subcall function 00478740: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498794), ref: 00478746
                                                                                                              • Part of subcall function 00478740: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478753
                                                                                                              • Part of subcall function 00478740: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478763
                                                                                                              • Part of subcall function 00483A6C: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00483B5B
                                                                                                              • Part of subcall function 00495724: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 0049573D
                                                                                                            • SetErrorMode.KERNEL32(00000001,00000000,004987DC), ref: 004987AE
                                                                                                              • Part of subcall function 004984D8: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,004987B8,00000001,00000000,004987DC), ref: 004984E2
                                                                                                              • Part of subcall function 004984D8: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004984E8
                                                                                                              • Part of subcall function 004244D4: SendMessageA.USER32(?,0000B020,00000000,?), ref: 004244F3
                                                                                                              • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                                            • ShowWindow.USER32(?,00000005,00000000,004987DC), ref: 0049880F
                                                                                                              • Part of subcall function 004820AC: SetActiveWindow.USER32(?), ref: 0048215A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModule$Window$Version$ActiveClipboardCommandCurrentErrorFormatLibraryLineLoadMessageModePolicyProcessRegisterSendShowTextThread
                                                                                                            • String ID: Setup
                                                                                                            • API String ID: 504348408-3839654196
                                                                                                            • Opcode ID: 4026870168645be20c4e504289bca16f7fc9894158eff1610b8fe089479f565d
                                                                                                            • Instruction ID: 72ad643eee306aeb53380572695708c68149a0501138caf3355f256a6ce1e3ac
                                                                                                            • Opcode Fuzzy Hash: 4026870168645be20c4e504289bca16f7fc9894158eff1610b8fe089479f565d
                                                                                                            • Instruction Fuzzy Hash: 7931C5712046409ED705BBBBAC5392D3B94EF8A728BA2447FF80486593DE3C58508A7F
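The entry above is a setup stub (String ID: Setup) that resolves most of what it needs at run time: the subcall lines show GetModuleHandleA/LoadLibraryA followed by GetProcAddress for names such as SetProcessDEPPolicy, Wow64DisableWow64FsRedirection, SHPathPrepareForWriteA and SHGetKnownFolderPath, so these imports need not appear in the PE import table at all. The script below is an added example, not Joe Sandbox's code and not part of this report: it parses the "APIs" bullets in the format used on this page, lists the export names handed to GetProcAddress, and rebuilds the report's "API ID" summary. The API ID rule is an assumption inferred from the entries on this page (split each callee on camel case, drop tokens of three characters or fewer such as Get, Set, Rtl, Ex and A, count tokens across the function and its subcalls, then emit frequency groups from most to least frequent, alphabetical inside a group, joined by "$"); Joe Sandbox has not published it. The embedded sample is copied from the entry above, and the test exercises it against the critical-section entry earlier in this section as well.

```python
"""Parse Joe Sandbox 'APIs' bullets and rebuild the API ID summary.

Added example, not Joe Sandbox code. The API ID grouping rule below is
an ASSUMPTION inferred from the entries on this report page.
"""
import re
from collections import Counter

# One bullet: optional subcall attribution, Name.MODULE(args), ref address.
API_LINE = re.compile(
    r"(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<name>[A-Za-z][A-Za-z0-9_]*)\.(?P<module>[A-Z][A-Z0-9]*)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"(?:,? ref: (?P<ref>[0-9A-F]{8}))?"
)
CAMEL = re.compile(r"[A-Z]+(?![a-z])|[A-Z][a-z]+")   # SetProcessDEPPolicy -> Set Process DEP Policy
HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


def parse_apis(text):
    """Return one dict per API bullet inside the APIs section of an entry.
    Callees printed as a bare address (6F9C1CD0.COMCTL32) do not match and are skipped."""
    calls, in_apis = [], True
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if line == "APIs":
            in_apis = True
            continue
        if line in HEADERS:
            in_apis = False
            continue
        m = API_LINE.match(line) if in_apis else None
        if not m:
            continue
        args = [a for a in (m.group("args") or "").split(",") if a]
        calls.append({"name": m.group("name"), "module": m.group("module"),
                      "args": args, "ref": m.group("ref"), "subcall": m.group("sub")})
    return calls


def api_id(calls):
    """Rebuild the report's API ID under the assumed rule (see module docstring)."""
    counts = Counter(tok for c in calls for tok in CAMEL.findall(c["name"]) if len(tok) > 3)
    by_freq = {}
    for tok, n in counts.items():
        by_freq.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_freq[n])) for n in sorted(by_freq, reverse=True))


def dynamically_resolved(calls):
    """Export names passed as the 2nd argument of GetProcAddress.
    Hex values, '?' and module names left on the stack (user32.dll) are dropped."""
    names = set()
    for c in calls:
        if c["name"] == "GetProcAddress" and len(c["args"]) > 1:
            target = c["args"][1]
            if not re.fullmatch(r"[0-9A-F]{8}|\?", target) and not target.lower().endswith(".dll"):
                names.add(target)
    return names


# Copied from the report entry with String ID "Setup" (indentation removed).
SAMPLE_APIS = """\
APIs
• Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,00498726), ref: 0040334B
• Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,00498726), ref: 00403356
• Part of subcall function 0040631C: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498730), ref: 00406322
• Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
• Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
• Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
• Part of subcall function 0040631C: SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00498730), ref: 00406366
• Part of subcall function 004063C4: 6F9C1CD0.COMCTL32(00498735), ref: 004063C4
• Part of subcall function 00410764: GetCurrentThreadId.KERNEL32 ref: 004107B2
• Part of subcall function 00419040: GetVersion.KERNEL32(0049874E), ref: 00419040
• Part of subcall function 0044F744: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00498762), ref: 0044F77F
• Part of subcall function 0044F744: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
• Part of subcall function 0044FC10: GetVersionExA.KERNEL32(0049B790,00498767), ref: 0044FC1F
• Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 00453210
• Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453216
• Part of subcall function 004531F0: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00453289,?,?,?,?,00000000,?,00498776), ref: 0045322A
• Part of subcall function 004531F0: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453230
• Part of subcall function 00456F00: GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 00456F24
• Part of subcall function 00464468: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,0049878A), ref: 00464477
• Part of subcall function 00464468: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 0046447D
• Part of subcall function 0046CC64: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CC79
• Part of subcall function 00478740: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498794), ref: 00478746
• Part of subcall function 00478740: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478753
• Part of subcall function 00478740: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478763
• Part of subcall function 00483A6C: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00483B5B
• Part of subcall function 00495724: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 0049573D
• SetErrorMode.KERNEL32(00000001,00000000,004987DC), ref: 004987AE
• Part of subcall function 004984D8: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,004987B8,00000001,00000000,004987DC), ref: 004984E2
• Part of subcall function 004984D8: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004984E8
• Part of subcall function 004244D4: SendMessageA.USER32(?,0000B020,00000000,?), ref: 004244F3
• Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
• ShowWindow.USER32(?,00000005,00000000,004987DC), ref: 0049880F
• Part of subcall function 004820AC: SetActiveWindow.USER32(?), ref: 0048215A
Strings
"""

if __name__ == "__main__":
    calls = parse_apis(SAMPLE_APIS)
    print(api_id(calls))
    print(sorted(dynamically_resolved(calls)))
```

The names returned by dynamically_resolved are the ones to diff against the sample's static import table; anything present only here was resolved at run time. The GetModuleHandleA lines carry Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection only as stack residue in the argument list, which is why the function deliberately reads just the second argument of GetProcAddress rather than every string on a line.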
                                                                                                            APIs
                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00453B13,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A6A
                                                                                                            • GetLastError.KERNEL32(00000000,00000000,?,00000000,00453B13,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A73
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                                            • String ID: .tmp
                                                                                                            • API String ID: 1375471231-2986845003
                                                                                                            • Opcode ID: 7172d9ffade96b62561a832a68f8cbe161be4b5cae50dfb87ffdb02f7c338e4f
                                                                                                            • Instruction ID: ea6adcadec8e2c01cafa1ba510acc1338588d6ec7b4e1cf88163bb5bfef62d35
                                                                                                            • Opcode Fuzzy Hash: 7172d9ffade96b62561a832a68f8cbe161be4b5cae50dfb87ffdb02f7c338e4f
                                                                                                            • Instruction Fuzzy Hash: A9213575A002089BDB01EFA1C8429DEB7B8EF49305F50457BE801B7343DA3CAF058B69
                                                                                                            APIs
                                                                                                              • Part of subcall function 00483560: GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00483571
                                                                                                              • Part of subcall function 00483560: GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0048357E
                                                                                                              • Part of subcall function 00483560: GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 0048358C
                                                                                                              • Part of subcall function 00483560: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00483594
                                                                                                              • Part of subcall function 00483560: GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 004835A0
                                                                                                              • Part of subcall function 00483560: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 004835C1
                                                                                                              • Part of subcall function 00483560: GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 004835D4
                                                                                                              • Part of subcall function 00483560: GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 004835DA
                                                                                                              • Part of subcall function 0048388C: GetVersionExA.KERNEL32(?,00483A9E,00000000,00483B73,?,?,?,?,?,00498799), ref: 0048389A
                                                                                                              • Part of subcall function 0048388C: GetVersionExA.KERNEL32(0000009C,?,00483A9E,00000000,00483B73,?,?,?,?,?,00498799), ref: 004838EC
                                                                                                              • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                                              • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 00483B5B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModuleVersion$CurrentErrorInfoLibraryLoadModeNativeProcessSystem
                                                                                                            • String ID: SHGetKnownFolderPath$shell32.dll
                                                                                                            • API String ID: 3869789854-2936008475
                                                                                                            • Opcode ID: 36bbd7205677a14235ded179242f98fe4396733ea939f399f849956901c26b03
                                                                                                            • Instruction ID: 33d3db6593e9873a674f830e342c1c65c6cab746408e9d399a43700aa418428b
                                                                                                            • Opcode Fuzzy Hash: 36bbd7205677a14235ded179242f98fe4396733ea939f399f849956901c26b03
                                                                                                            • Instruction Fuzzy Hash: 672100B06503516EC300BF7E59A661A3BA5EB5474C380893FF804EB3D2D77E68145BAE
                                                                                                            APIs
                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,0047C41C,00000000,0047C432), ref: 0047C12A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Close
                                                                                                            • String ID: RegisteredOrganization$RegisteredOwner
                                                                                                            • API String ID: 3535843008-1113070880
                                                                                                            • Opcode ID: 0e90ec8331aa68b80fdbd6afaabfad8867ded4c3b6cad332e65b349247218e2d
                                                                                                            • Instruction ID: 6af266579ce0f4cae339b7a6725c06c490679c1ac7d4d5cc7f46b4f942b6f465
                                                                                                            • Opcode Fuzzy Hash: 0e90ec8331aa68b80fdbd6afaabfad8867ded4c3b6cad332e65b349247218e2d
                                                                                                            • Instruction Fuzzy Hash: 32F0B430704244AFDB04DAA8EDD2BAA776AD741304FA4803FE1048F382D679DE019BAC
APIs
• CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,004752F7), ref: 004750E5
• CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,004752F7), ref: 004750FC
  • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15,00000000), ref: 0045349F
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CloseCreateErrorFileHandleLast
• String ID: CreateFile
• API String ID: 2528220319-823142352
APIs
  • Part of subcall function 00456E90: CoInitialize.OLE32(00000000), ref: 00456E96
  • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
  • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
• GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 00456F24
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: AddressErrorInitializeLibraryLoadModeProc
• String ID: SHCreateItemFromParsingName$shell32.dll
• API String ID: 2906209438-2320870614
APIs
  • Part of subcall function 0042E394: SetErrorMode.KERNEL32(00008000), ref: 0042E39E
  • Part of subcall function 0042E394: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
• GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CC79
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: AddressErrorLibraryLoadModeProc
• String ID: SHPathPrepareForWriteA$shell32.dll
• API String ID: 2492108670-2683653824
APIs
• LoadLibraryExA.KERNEL32(00000000,00000000,00000008,?,?,00000000,00448709), ref: 0044864C
• GetProcAddress.KERNEL32(00000000,00000000), ref: 004486CD
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID:
• API String ID: 2574300362-0
APIs
• GetSystemMenu.USER32(00000000,00000000,00000000,00481898), ref: 00481830
• AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 00481841
• AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00481859
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Menu$Append$System
• String ID:
• API String ID: 1489644407-0
APIs
• GetDC.USER32(00000000), ref: 0044B401
• SelectObject.GDI32(?,00000000), ref: 0044B424
• ReleaseDC.USER32(00000000,?), ref: 0044B457
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ObjectReleaseSelect
• String ID:
• API String ID: 1831053106-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044B14C,?,004820C7,?,?), ref: 0044B11E
• DrawTextW.USER32(?,?,00000000,?,?), ref: 0044B131
• DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044B165
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: DrawText$ByteCharMultiWide
• String ID:
• API String ID: 65125430-0
APIs
• PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00424412
• TranslateMessage.USER32(?), ref: 0042448F
• DispatchMessageA.USER32(?), ref: 00424499
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Message$DispatchPeekTranslate
• String ID:
• API String ID: 4217535847-0
APIs
• SetPropA.USER32(00000000,00000000), ref: 0041666A
• SetPropA.USER32(00000000,00000000), ref: 0041667F
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,00000000,00000000,?,00000000,00000000), ref: 004166A6
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Prop$Window
• String ID:
• API String ID: 3363284559-0
                                                                                                            • Opcode ID: ff8df5d04f2ecdb5f17762fdbd8b59dc717163ef82ea70d213bab306533cf9bb
                                                                                                            • Instruction ID: 6913c5f2d07602d921388148e43cadd8ab2d6729f30613f48e4cae6714e3bc13
                                                                                                            • Opcode Fuzzy Hash: ff8df5d04f2ecdb5f17762fdbd8b59dc717163ef82ea70d213bab306533cf9bb
                                                                                                            • Instruction Fuzzy Hash: ACF01271701210ABDB10AB599C85FA732DCAB09714F16057AB905EF286C778DC40C7A8
                                                                                                            APIs
                                                                                                            • IsWindowVisible.USER32(?), ref: 0041EE64
                                                                                                            • IsWindowEnabled.USER32(?), ref: 0041EE6E
                                                                                                            • EnableWindow.USER32(?,00000000), ref: 0041EE94
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$EnableEnabledVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 3234591441-0
                                                                                                            • Opcode ID: 495d6a49dc4b54b7e424eeae3cce025a94256eba33976185de8149e812397146
                                                                                                            • Instruction ID: 3b4cb379701a2ac24b7d0c87bf9454d2e26b3d0fb89a85d5a5a22e513a73856b
                                                                                                            • Opcode Fuzzy Hash: 495d6a49dc4b54b7e424eeae3cce025a94256eba33976185de8149e812397146
                                                                                                            • Instruction Fuzzy Hash: EAE06DB5100301AAE301AB2BDC81B5B7A9CAB54350F05843BA9089B292D63ADC408B7C
                                                                                                            APIs
                                                                                                            • SetActiveWindow.USER32(?), ref: 00469EA1
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ActiveWindow
                                                                                                            • String ID: PrepareToInstall
                                                                                                            • API String ID: 2558294473-1101760603
                                                                                                            • Opcode ID: e58a16817a64f5759f31888600c1354bb1a8a8b494c3c93af2f1dbc242ca25c6
                                                                                                            • Instruction ID: ccacc6dcba8b8cbbfa1c17f86b27e08b0c11e5798d11daccd90c331c988b02c3
                                                                                                            • Opcode Fuzzy Hash: e58a16817a64f5759f31888600c1354bb1a8a8b494c3c93af2f1dbc242ca25c6
                                                                                                            • Instruction Fuzzy Hash: 7EA11934A00109DFCB00EF59D986EDEB7F5AF48304F6580B6E404AB366D778AE41DB99
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: /:*?"<>|
                                                                                                            • API String ID: 0-4078764451
                                                                                                            • Opcode ID: 43277fb1c717e2606564b112b1b0681d416f5021830c97b09ce096e65d7cf365
                                                                                                            • Instruction ID: 1e87f3d38ec7dbf16fc1afa4daea9e6ca85b65b9a8fb7c68475855461939e3a0
                                                                                                            • Opcode Fuzzy Hash: 43277fb1c717e2606564b112b1b0681d416f5021830c97b09ce096e65d7cf365
                                                                                                            • Instruction Fuzzy Hash: 4371A470A40214ABDB10EB66DDD2BEE77A19F40308F1084A7F580AB392E779AD45875F
                                                                                                            APIs
                                                                                                            • SetActiveWindow.USER32(?), ref: 0048215A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ActiveWindow
                                                                                                            • String ID: InitializeWizard
                                                                                                            • API String ID: 2558294473-2356795471
                                                                                                            • Opcode ID: 376233a1d1dddbf1dd43b25fae561af2bf40b6633c4dd7a0e8b1389a7c4343be
                                                                                                            • Instruction ID: 36b0f45b5e581da985bac651985c8aaa8d6a9bed6a39233588f506be3a995c8b
                                                                                                            • Opcode Fuzzy Hash: 376233a1d1dddbf1dd43b25fae561af2bf40b6633c4dd7a0e8b1389a7c4343be
                                                                                                            • Instruction Fuzzy Hash: 79119434205200AFD701FBA9EEDAB1937E4EB59328F60047BF5009B6A1DA796C00CB5D
                                                                                                            APIs
                                                                                                              • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,0047C230,00000000,0047C432), ref: 0047C029
                                                                                                            Strings
                                                                                                            • Software\Microsoft\Windows\CurrentVersion, xrefs: 0047BFF9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseOpen
                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion
                                                                                                            • API String ID: 47109696-1019749484
                                                                                                            • Opcode ID: 91d5c32787d00ddb3ecc29a404e36154aacf37a6ecdb6076e024b20848598476
                                                                                                            • Instruction ID: 5930872802659161668f2fc27ec2b8a5c579264ce8ecaca434dd7baa373bea44
                                                                                                            • Opcode Fuzzy Hash: 91d5c32787d00ddb3ecc29a404e36154aacf37a6ecdb6076e024b20848598476
                                                                                                            • Instruction Fuzzy Hash: B1F08231700514A7DA00A69E6D82B9BA79D9B84758F20403FF508DB242DABE9E0202EC
                                                                                                            APIs
                                                                                                            • RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,00475FFE,?,0049C1DC,?,0046EFCF,?,00000000,0046F56A,?,_is1), ref: 0046ECDB
                                                                                                            Strings
                                                                                                            • Inno Setup: Setup Version, xrefs: 0046ECD9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Value
                                                                                                            • String ID: Inno Setup: Setup Version
                                                                                                            • API String ID: 3702945584-4166306022
                                                                                                            • Opcode ID: 56bbb1f4a6cd77c20b542710a526df67742b244f3cd53e0af7fea37619b23a66
                                                                                                            • Instruction ID: 3111e2ab1a00cbee8849f506c2bc3fe53732bb3e30b7299e44938699edfd3f7c
                                                                                                            • Opcode Fuzzy Hash: 56bbb1f4a6cd77c20b542710a526df67742b244f3cd53e0af7fea37619b23a66
                                                                                                            • Instruction Fuzzy Hash: 71E06D753012043FE710AA2B9C85F5BBBDCDF99765F10403AB909DB392D978DD0085A8
                                                                                                            APIs
                                                                                                            • RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F3A6,?,?,00000000,0046F56A,?,_is1,?), ref: 0046ED3B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Value
                                                                                                            • String ID: NoModify
                                                                                                            • API String ID: 3702945584-1699962838
                                                                                                            • Opcode ID: 306e8526e04bb1da42350282118940b5300f429dbb2620f70078b8bfc6bd1a7c
                                                                                                            • Instruction ID: e7aa99f2e089c5623e338f59092b711216c244eb116ac0446a77828d65f342ac
                                                                                                            • Opcode Fuzzy Hash: 306e8526e04bb1da42350282118940b5300f429dbb2620f70078b8bfc6bd1a7c
                                                                                                            • Instruction Fuzzy Hash: 3AE04FB4640304BFEB04DB55CD4AF6B77ECDB48710F104059BA049B291E674FE00CA68
                                                                                                            APIs
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                                            Strings
                                                                                                            • System\CurrentControlSet\Control\Windows, xrefs: 0042DE36
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Open
                                                                                                            • String ID: System\CurrentControlSet\Control\Windows
                                                                                                            • API String ID: 71445658-1109719901
• Opcode ID: a11f376e1d034aeb0d9ae53f60934921bcd728bb93d306f1768079d63b1ffdfe
• Instruction ID: 60e43675bb36a9eef4a15598a1848ca3f705ecc445ee8c9fe52fc6b05f1352bb
• Opcode Fuzzy Hash: a11f376e1d034aeb0d9ae53f60934921bcd728bb93d306f1768079d63b1ffdfe
• Instruction Fuzzy Hash: 29D09E72950128BB9B009A89DC41DFB775DDB15760F45441BF9049B141C5B4AC5197E4
APIs
• GetACP.KERNEL32(?,?,00000001,00000000,0047E237,?,-0000001A,004800ED,-00000010,?,00000004,0000001B,00000000,0048043A,?,0045D9B8), ref: 0047DFCE
  • Part of subcall function 0042E31C: GetDC.USER32(00000000), ref: 0042E32B
  • Part of subcall function 0042E31C: EnumFontsA.GDI32(?,00000000,0042E308,00000000,00000000,0042E374,?,00000000,00000000,004804A1,?,?,00000001,00000000,00000002,00000000), ref: 0042E356
  • Part of subcall function 0042E31C: ReleaseDC.USER32(00000000,?), ref: 0042E36E
• SendNotifyMessageA.USER32(0001042C,00000496,00002711,-00000001), ref: 0047E19E
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: EnumFontsMessageNotifyReleaseSend
• String ID:
• API String ID: 2649214853-0
• Opcode ID: e029a571d7ea910feaf489f47ebd39d374a0288316229fc386b1e2e4e1e2ac40
• Instruction ID: 52cd92918bf59317d76ec0dbded9268cc5ddbf6ebeab8dbad6023b52803fe890
• Opcode Fuzzy Hash: e029a571d7ea910feaf489f47ebd39d374a0288316229fc386b1e2e4e1e2ac40
• Instruction Fuzzy Hash: 045196746001108BC710FF26D981A9B37E9EB58308B90C67BA4089B3A7CB7CDD46CB9D
APIs
• RtlEnterCriticalSection.KERNEL32(0049B420,00000000,004021FC), ref: 004020CB
  • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
  • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
  • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
  • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CriticalSection$Enter$AllocInitializeLeaveLocal
• String ID:
• API String ID: 296031713-0
• Opcode ID: ab3545b22e3440e815b1719652ff5d854977479bd1b850cbba673e5eb4522dee
• Instruction ID: 30adadd309813d1a6846ca6b4958dbaac508113c784b73a5bb8d11bfdb372a30
• Opcode Fuzzy Hash: ab3545b22e3440e815b1719652ff5d854977479bd1b850cbba673e5eb4522dee
• Instruction Fuzzy Hash: 3941E3B2E00304DFDB10CF69EE8521A77A4F7A8324B15417FD854A77E2D3789801DB88
APIs
• RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,0042DD38), ref: 0042DC3C
• RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,70000000,?,?,00000000,?,00000000,?,00000000,0042DD38), ref: 0042DCAC
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: QueryValue
• String ID:
• API String ID: 3660427363-0
• Opcode ID: b62dc44b296d1c54c0416b8d239270b5fe200a79a82432283709fd1da487490f
• Instruction ID: 5bd1c55a509b6dee259ffcee94d68868fe84ce326e73fb4cf6662c4527ef549e
• Opcode Fuzzy Hash: b62dc44b296d1c54c0416b8d239270b5fe200a79a82432283709fd1da487490f
• Instruction Fuzzy Hash: 9D414171E00529ABDB11DF95D881BAFB7B8EB04704F918466E810F7241D778AE00CBA5
APIs
• RegEnumKeyExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,0042DFD6,?,?,00000008,00000000,00000000,0042E003), ref: 0042DF6C
• RegCloseKey.ADVAPI32(?,0042DFDD,?,00000000,00000000,00000000,00000000,00000000,0042DFD6,?,?,00000008,00000000,00000000,0042E003), ref: 0042DFD0
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CloseEnum
• String ID:
• API String ID: 2818636725-0
• Opcode ID: 4ba9105902ea8f19abce0b58cfd6361b4b3e39fae621ffe28cce2eb109bf1346
• Instruction ID: d62689c7b7995b9893119ef97773413105dd68debc8ff02f2d4f9d8a28cc91ff
• Opcode Fuzzy Hash: 4ba9105902ea8f19abce0b58cfd6361b4b3e39fae621ffe28cce2eb109bf1346
• Instruction Fuzzy Hash: DD31B270F04258AEDB11DFA6DD42BAEBBB9EB49304F91407BE501E6280D6785E01CA2D
APIs
• CreateProcessA.KERNEL32(00000000,00000000,?,?,004580C8,00000000,004580B0,?,?,?,00000000,00452862,?,?,?,00000001), ref: 0045283C
• GetLastError.KERNEL32(00000000,00000000,?,?,004580C8,00000000,004580B0,?,?,?,00000000,00452862,?,?,?,00000001), ref: 00452844
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CreateErrorLastProcess
• String ID:
• API String ID: 2919029540-0
• Opcode ID: 32d7980bd8ec2bee900e92c865b72ef71cfaa45d55aa0c85c0401d49ed696f28
• Instruction ID: fcc055d8c1a696a2a0db1e32a085008d871673fec5534948229a16d4440eefa6
• Opcode Fuzzy Hash: 32d7980bd8ec2bee900e92c865b72ef71cfaa45d55aa0c85c0401d49ed696f28
• Instruction Fuzzy Hash: A2113C72600208AF8B40DEA9DD41D9F77ECEB4E310B114567FD18D3241D678EE148B68
APIs
• FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0040ADF2
• FreeResource.KERNEL32(00000000,00400000,00000000,0000000A,F0E80040,00000000,?,?,0040AF4F,00000000,0040AF67,?,?,?,00000000), ref: 0040AE03
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Resource$FindFree
• String ID:
• API String ID: 4097029671-0
• Opcode ID: 724046dbf40c25189cee710f776ecaa222692b14a71540f68148777f5d1b7dbd
• Instruction ID: 3d7a77417cef7b3885e8747e4544195f2de945da78ee84bb1155330bb8f828e3
• Opcode Fuzzy Hash: 724046dbf40c25189cee710f776ecaa222692b14a71540f68148777f5d1b7dbd
• Instruction Fuzzy Hash: 0301F771300700AFD700FF69EC52E1B77EDDB46714710807AF500AB3D1D639AC10966A
APIs
• GetCurrentThreadId.KERNEL32 ref: 0041EEF3
• EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Thread$CurrentEnumWindows
• String ID:
• API String ID: 2396873506-0
• Opcode ID: 30aad164e0a195eeb96462141dc827bf49acbc8680001675c00c89b7ac155170
• Instruction ID: bcaa23655132f8f2785c0a842f21b48ac99b37e3223c43442b01e3940dbd0cdf
• Opcode Fuzzy Hash: 30aad164e0a195eeb96462141dc827bf49acbc8680001675c00c89b7ac155170
• Instruction Fuzzy Hash: 31015B76A04604BFD706CF6BEC1199ABBE8E789720B22887BEC04D3690E7355C10DF18
APIs
• MoveFileA.KERNEL32(00000000,00000000), ref: 00452CC2
• GetLastError.KERNEL32(00000000,00000000,00000000,00452CE8), ref: 00452CCA
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ErrorFileLastMove
• String ID:
• API String ID: 55378915-0
• Opcode ID: 92f277caa9c3c56662d1ce6f28aaa0531c95695199337b3952b9b7b9e7465d28
• Instruction ID: 1f9035ddd188b097fe3d15476f32cd7793c58c8f4df07880d9fc6ba60e4ff235
• Opcode Fuzzy Hash: 92f277caa9c3c56662d1ce6f28aaa0531c95695199337b3952b9b7b9e7465d28
• Instruction Fuzzy Hash: 9401D671A04208AB8712EB799D4149EB7ECEB8A32575045BBFC04E3243EA785E048558
APIs
• CreateDirectoryA.KERNEL32(00000000,00000000,00000000,004527CF), ref: 004527A9
• GetLastError.KERNEL32(00000000,00000000,00000000,004527CF), ref: 004527B1
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CreateDirectoryErrorLast
• String ID:
• API String ID: 1375471231-0
• Opcode ID: 6f9ba9aa6754c9e5f92aa980ec9340f602ab7068810135e8d813bbe39961caa9
• Instruction ID: e3b373b60118a844676bb749001e6832c3b26a50706decb61b3ae2e0e224b701
• Opcode Fuzzy Hash: 6f9ba9aa6754c9e5f92aa980ec9340f602ab7068810135e8d813bbe39961caa9
• Instruction Fuzzy Hash: 40F02871A00308BBCB01EF759D4259EB7E8EB4E311B2045B7FC04E3642E6B94E04859C
APIs
• LoadCursorA.USER32(00000000,00007F00), ref: 00423249
• LoadCursorA.USER32(00000000,00000000), ref: 00423273
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CursorLoad
                                                                                                            • String ID:
                                                                                                            • API String ID: 3238433803-0
                                                                                                            • Opcode ID: 0c9a104e89a33193f60416200903d3bd70bbd31149720632682593485f60625b
                                                                                                            • Instruction ID: 5e34cf6406f075c2c63d733b1f02ef4b9a88184ee1572dc0f3c8875cc615d59b
                                                                                                            • Opcode Fuzzy Hash: 0c9a104e89a33193f60416200903d3bd70bbd31149720632682593485f60625b
                                                                                                            • Instruction Fuzzy Hash: 9EF0A711B04254AADA109E7E6CC0D6B72A8DF82735B61037BFA3EC72D1C62E1D414569
                                                                                                            APIs
                                                                                                            • SetErrorMode.KERNEL32(00008000), ref: 0042E39E
                                                                                                            • LoadLibraryA.KERNEL32(00000000,00000000,0042E3E8,?,00000000,0042E406,?,00008000), ref: 0042E3CD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLibraryLoadMode
                                                                                                            • String ID:
                                                                                                            • API String ID: 2987862817-0
                                                                                                            • Opcode ID: 4bb5710dc3172506f3a82e57bec548632d1945d06b3d92e94bd16d63dfaa8550
                                                                                                            • Instruction ID: 14c2566281f292fbf4bc3f3871eddb8f7eb4f11f4d1149329263d7d1c8790498
                                                                                                            • Opcode Fuzzy Hash: 4bb5710dc3172506f3a82e57bec548632d1945d06b3d92e94bd16d63dfaa8550
                                                                                                            • Instruction Fuzzy Hash: 02F08970B147447FDB119F779CA241BBBECDB49B1175249B6F800A3591E53C4910C928
                                                                                                            APIs
                                                                                                            • SHGetKnownFolderPath.SHELL32(00499D2C,00008000,00000000,?), ref: 0047C38B
                                                                                                            • CoTaskMemFree.OLE32(?,0047C3CE), ref: 0047C3C1
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FolderFreeKnownPathTask
                                                                                                            • String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
                                                                                                            • API String ID: 969438705-544719455
                                                                                                            • Opcode ID: f6c6a059b63e4d54008f1ffce5751a4521167e095c9041d7631769de42763c2c
                                                                                                            • Instruction ID: 7faaca218829a84c9f3570f99a5fa1a3454177a5e5567d2e8256f64c4bc7b3ab
                                                                                                            • Opcode Fuzzy Hash: f6c6a059b63e4d54008f1ffce5751a4521167e095c9041d7631769de42763c2c
                                                                                                            • Instruction Fuzzy Hash: 77E09B31340604AFEB219B619C92B6D77ACE744B00B718477F900E26C0D67CAD14991C
                                                                                                            APIs
                                                                                                            • SetFilePointer.KERNEL32(?,00000000,?,00000002,?,?,0046FFBD,?,00000000), ref: 0045090E
                                                                                                            • GetLastError.KERNEL32(?,00000000,?,00000002,?,?,0046FFBD,?,00000000), ref: 00450916
                                                                                                              • Part of subcall function 004506B4: GetLastError.KERNEL32(004504D0,00450776,?,00000000,?,0049799C,00000001,00000000,00000002,00000000,00497AFD,?,?,00000005,00000000,00497B31), ref: 004506B7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$FilePointer
                                                                                                            • String ID:
                                                                                                            • API String ID: 1156039329-0
                                                                                                            • Opcode ID: ec46a7bc9e5a7a34518fa7989fb6988307d7ef9dfce9dbcd61575ad1106d4b51
                                                                                                            • Instruction ID: 32d43412562f4d6ab64aa8be608e77008e370c57458e4df53f7444e76f76d0cb
                                                                                                            • Opcode Fuzzy Hash: ec46a7bc9e5a7a34518fa7989fb6988307d7ef9dfce9dbcd61575ad1106d4b51
                                                                                                            • Instruction Fuzzy Hash: 0EE012E93042015BF700EA6599C1B2F22DCDB44315F00446ABD44CA28BE678CC048B29
                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Virtual$AllocFree
                                                                                                            • String ID:
                                                                                                            • API String ID: 2087232378-0
                                                                                                            • Opcode ID: 94577317c2bcd4d3a70d22c0b2f2fc78c72c60cff144ef5375d29febf27e2799
                                                                                                            • Instruction ID: 119661fe7174a079321c86e78af40791ac039b5eb8373b45468023a5ba433726
                                                                                                            • Opcode Fuzzy Hash: 94577317c2bcd4d3a70d22c0b2f2fc78c72c60cff144ef5375d29febf27e2799
                                                                                                            • Instruction Fuzzy Hash: F7F08272A0063067EB60596A4C81B5359859BC5B94F154076FD09FF3E9D6B58C0142A9
                                                                                                            APIs
                                                                                                            • GetSystemDefaultLCID.KERNEL32(00000000,00408712), ref: 004085FB
                                                                                                              • Part of subcall function 00406DEC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00406E09
                                                                                                              • Part of subcall function 00408568: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DefaultInfoLoadLocaleStringSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 1658689577-0
                                                                                                            • Opcode ID: 92125e52594e5bc8ee6d97e09480d95589045c4468e862feaba19903f63d3f1d
                                                                                                            • Instruction ID: 9026c6f0acc6bf601755118861b832b1e3c4c92574a9a05948c89544872af2a3
                                                                                                            • Opcode Fuzzy Hash: 92125e52594e5bc8ee6d97e09480d95589045c4468e862feaba19903f63d3f1d
                                                                                                            • Instruction Fuzzy Hash: 47314E35E00109ABCB00EB55CC819EEB779EF84314F558577E815BB286EB38AA018B98
                                                                                                            APIs
                                                                                                            • SetScrollInfo.USER32(00000000,?,?,00000001), ref: 0041FC39
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoScroll
                                                                                                            • String ID:
                                                                                                            • API String ID: 629608716-0
                                                                                                            • Opcode ID: a0ce2aaa01497ac04468ea6ac7a83421c49688bcbeeff2d3e991700215f3b25f
                                                                                                            • Instruction ID: 6365c2cd079840e4170b7c9ce409c3d873e807bce8729d2e10e5c00059922083
                                                                                                            • Opcode Fuzzy Hash: a0ce2aaa01497ac04468ea6ac7a83421c49688bcbeeff2d3e991700215f3b25f
                                                                                                            • Instruction Fuzzy Hash: D8214FB1608746AFC351DF3984407A6BBE4BB48344F14893EE498C3741E778E99ACBD6
                                                                                                            APIs
                                                                                                              • Part of subcall function 0041EEA4: GetCurrentThreadId.KERNEL32 ref: 0041EEF3
                                                                                                              • Part of subcall function 0041EEA4: EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
                                                                                                            • SHPathPrepareForWriteA.SHELL32(00000000,00000000,00000000,00000000,00000000,0046C322,?,00000000,?,?,0046C534,?,00000000,0046C5A8), ref: 0046C306
                                                                                                              • Part of subcall function 0041EF58: IsWindow.USER32(?), ref: 0041EF66
                                                                                                              • Part of subcall function 0041EF58: EnableWindow.USER32(?,00000001), ref: 0041EF75
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ThreadWindow$CurrentEnableEnumPathPrepareWindowsWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3319771486-0
                                                                                                            • Opcode ID: 372a16360b70271e3fbe54b3c8c2dd1bf1f72266d056807abca4c83ddb60c27c
                                                                                                            • Instruction ID: ca087fa44df162080e90021c0b7c07397410ce2cdc620b11c20c1b42f9b7769a
                                                                                                            • Opcode Fuzzy Hash: 372a16360b70271e3fbe54b3c8c2dd1bf1f72266d056807abca4c83ddb60c27c
                                                                                                            • Instruction Fuzzy Hash: 93F0B470204300BFEB059FA6ED96B2576D8D748714FA1443BF904C6290E57D5880852E
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3934441357-0
                                                                                                            APIs
                                                                                                            • CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,00000000,00400000,?), ref: 00416585
                                                                                                            Similarity
                                                                                                            • API ID: CreateWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 716092398-0
                                                                                                            APIs
                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004149EF
                                                                                                            Similarity
                                                                                                            • API ID: CallbackDispatcherUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 2492992576-0
                                                                                                            APIs
                                                                                                            • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00450804
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            APIs
                                                                                                            • GetFileAttributesA.KERNEL32(00000000,00000000,0042CD14,?,00000001,?,?,00000000,?,0042CD66,00000000,00452A25,00000000,00452A46,?,00000000), ref: 0042CCF7
                                                                                                            Similarity
                                                                                                            • API ID: AttributesFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 3188754299-0
                                                                                                            APIs
                                                                                                            • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
                                                                                                            Similarity
                                                                                                            • API ID: FormatMessage
                                                                                                            • String ID:
                                                                                                            • API String ID: 1306739567-0
                                                                                                            APIs
                                                                                                            • GetTextExtentPointA.GDI32(?,00000000,00000000), ref: 0041AF9B
                                                                                                            Similarity
                                                                                                            • API ID: ExtentPointText
                                                                                                            • String ID:
                                                                                                            • API String ID: 566491939-0
                                                                                                            APIs
                                                                                                            • CreateWindowExA.USER32(00000000,0042367C,00000000,94CA0000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00406311
                                                                                                            Similarity
                                                                                                            • API ID: CreateWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 716092398-0
                                                                                                            APIs
                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE10
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0
                                                                                                            APIs
                                                                                                            • FindClose.KERNEL32(00000000,000000FF,004707E0,00000000,004715F6,?,00000000,0047163F,?,00000000,00471778,?,00000000,?,00000000), ref: 00454C0E
                                                                                                            Similarity
                                                                                                            • API ID: CloseFind
                                                                                                            • String ID:
                                                                                                            • API String ID: 1863332320-0
                                                                                                            APIs
                                                                                                            • KiUserCallbackDispatcher.NTDLL(00495556,?,00495578,?,?,00000000,00495556,?,?), ref: 0041469B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CallbackDispatcherUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 2492992576-0
                                                                                                            • Opcode ID: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
                                                                                                            • Instruction ID: 3a83c41fa5c3d176b15f2666d2672a78f9af76d4247255e2ff0bda4df6ea0631
                                                                                                            • Opcode Fuzzy Hash: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
                                                                                                            • Instruction Fuzzy Hash: 59E012723001199F8250CE5EDC88C57FBEDEBC966130983A6F508C7306DA31EC44C7A0
                                                                                                            APIs
                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406F24
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3934441357-0
                                                                                                            • Opcode ID: 4c02731fe18b0a47ab7745946c5e8dd4c7dfafdb2aa22804bebcbb41d9412fbb
                                                                                                            • Instruction ID: adeaf4ebd0e6cd94d64be6b3cb299443ba394f13a0b1cd3d8337db6b6af80796
                                                                                                            • Opcode Fuzzy Hash: 4c02731fe18b0a47ab7745946c5e8dd4c7dfafdb2aa22804bebcbb41d9412fbb
                                                                                                            • Instruction Fuzzy Hash: 53D012722091506AD220965A6C44EAB6BDCCBC5770F11063AB558C2181D7209C01C675
                                                                                                            APIs
                                                                                                              • Part of subcall function 004235F8: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 0042360D
                                                                                                            • ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                                              • Part of subcall function 00423628: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 00423644
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoParametersSystem$ShowWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3202724764-0
                                                                                                            • Opcode ID: f1fbc87c7d3064a6cf4368d53b3e4c6ee974437194041f03c0195094467d5de5
                                                                                                            • Instruction ID: 3e39ddd90fb628193caaea160b6f4ed5bf244f394cc2da11a07db6b12dca8b82
                                                                                                            • Opcode Fuzzy Hash: f1fbc87c7d3064a6cf4368d53b3e4c6ee974437194041f03c0195094467d5de5
                                                                                                            • Instruction Fuzzy Hash: 34D05E123821703142307ABB280699B46EC8D822EB389043BB5449B312ED5DCE01116C
                                                                                                            APIs
                                                                                                            • SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: TextWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 530164218-0
                                                                                                            • Opcode ID: 968e2600307bd84f4d65718215a4df57ccfa9b7919b98356d7a542cd4e907fd2
                                                                                                            • Instruction ID: e359d8c046b4275bb87a72ac3440150ee0889cd0e7de0465f76ccf46c1161c2e
                                                                                                            • Opcode Fuzzy Hash: 968e2600307bd84f4d65718215a4df57ccfa9b7919b98356d7a542cd4e907fd2
                                                                                                            • Instruction Fuzzy Hash: 81D05EE27011602BCB01BAED54C4AC667CC9B8D25AB1840BBF904EF257D638CE40C398
                                                                                                            APIs
                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,0046769C,00000000,00000000,00000000,0000000C,00000000), ref: 004669CC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CallbackDispatcherUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 2492992576-0
                                                                                                            • Opcode ID: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                                                                                            • Instruction ID: a3a9c25b9c80179eca176ae0059a0aa24e3542550d9dc9bac8dced773014ab2a
                                                                                                            • Opcode Fuzzy Hash: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                                                                                            • Instruction Fuzzy Hash: 0ED09272210A109F8364CAADC9C4C97B3ECEF4C2213004659E54AC3B15D664FC018BA0
                                                                                                            APIs
                                                                                                            • GetFileAttributesA.KERNEL32(00000000,00000000,004515CB,00000000), ref: 0042CD2F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AttributesFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 3188754299-0
                                                                                                            • Opcode ID: 699a035a793c66476b33cfcb292e18e8433149420fa0246697406cd7a61acf8b
                                                                                                            • Instruction ID: 53db4a1afaa3b7bebcc80daf879f764776582c58df104e6651e2d127eece83ed
                                                                                                            • Opcode Fuzzy Hash: 699a035a793c66476b33cfcb292e18e8433149420fa0246697406cd7a61acf8b
                                                                                                            • Instruction Fuzzy Hash: 48C08CE03222001A9E60A6BD2CC551F06CC891423A3A41E3BB129EB2E2D23D88162818
                                                                                                            APIs
                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,0040A6D4,0040CC80,?,00000000,?), ref: 00406EDD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: d487f09bce5ab2446fefe52ff91139140134d323c8d44495a9ab4cbc0f9c4527
                                                                                                            • Instruction ID: fbce42704b7dd2fd8be74a622cf743b4adaa06f64be9adac3ea2875d17ee2119
                                                                                                            • Opcode Fuzzy Hash: d487f09bce5ab2446fefe52ff91139140134d323c8d44495a9ab4cbc0f9c4527
                                                                                                            • Instruction Fuzzy Hash: EAC048A13C130032F92035A60C87F16008C5754F0AE60C43AB740BF1C2D8E9A818022C
                                                                                                            APIs
                                                                                                            • SetEndOfFile.KERNEL32(?,?,0045C192,00000000,0045C31D,?,00000000,00000002,00000002), ref: 00450933
                                                                                                              • Part of subcall function 004506B4: GetLastError.KERNEL32(004504D0,00450776,?,00000000,?,0049799C,00000001,00000000,00000002,00000000,00497AFD,?,?,00000005,00000000,00497B31), ref: 004506B7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFileLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 734332943-0
                                                                                                            • Opcode ID: dfd6122944db5b319254e7b77af95d7469dcf5406d44b15aeae4525e96e42585
                                                                                                            • Instruction ID: 9573b676cf6dd5fef234c73c81a1a5d02d78d5ca05287b50762f3c98dcfac2da
                                                                                                            • Opcode Fuzzy Hash: dfd6122944db5b319254e7b77af95d7469dcf5406d44b15aeae4525e96e42585
                                                                                                            • Instruction Fuzzy Hash: 1AC04CA5700211479F10A6BA85C1A0662D86A5D3157144066BD08CF207D668D8148A18
                                                                                                            APIs
                                                                                                            • SetCurrentDirectoryA.KERNEL32(00000000,?,0049792A,00000000,00497AFD,?,?,00000005,00000000,00497B31,?,?,00000000), ref: 004072B3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentDirectory
                                                                                                            • String ID:
                                                                                                            • API String ID: 1611563598-0
                                                                                                            • Opcode ID: 9cfe1b671e2ded52e2a4f1899edd371c25323ab6eac1b77aed394817f5a1d109
                                                                                                            • Instruction ID: 2ee9fcf0c2ecb8048618371478a38130c752a95b947e2a8aefd026f579ab26ad
                                                                                                            • Opcode Fuzzy Hash: 9cfe1b671e2ded52e2a4f1899edd371c25323ab6eac1b77aed394817f5a1d109
                                                                                                            • Instruction Fuzzy Hash: 33B012E03D120A2BCA0079FE4CC192A00CC46292163401B3B3006EB1C3D83DC8180824
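The records above are machine-generated; to pivot on them outside the sandbox UI it helps to parse the "APIs" lines and rebuild the Similarity "API ID" that groups functions across samples. The following is an added example, not part of the Joe Sandbox report and not Joe Sandbox's own code: the splitting and stop-word rules (drop Set/Get/End/Of/Ki and a trailing A, sort words alphabetically, order groups by call count, join groups with "$") are inferred from the records on this page; the W/Ex stop words and the treatment of a word shared by two different APIs are assumptions. The sample lines are copied from the ShowWindow record above.

```python
"""Parse Joe Sandbox "APIs" lines and rebuild the function's similarity API ID.

Added example. The rules below are inferred from the records on this page,
not taken from Joe Sandbox's implementation.
"""
import re
from collections import Counter

# One "APIs" entry, e.g.
#   • Part of subcall function 004235F8: SystemParametersInfoA.USER32(00000048,...), ref: 0042360D
#   • ShowWindow.USER32(00410460,00000009,?,...), ref: 00423667
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>[A-Za-z0-9_]+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Tokens dropped when building the API ID. Set/Get/End/Of/Ki and the ANSI
# suffix "A" are observed on this page; "W" and "Ex" are assumed by analogy.
STOP_WORDS = {"Set", "Get", "End", "Of", "Ki", "A", "W", "Ex"}

# CamelCase splitter: "KiUserCallbackDispatcher" -> Ki, User, Callback, Dispatcher
CAMEL = re.compile(r"[A-Z][a-z0-9]*")


def parse_api_line(line):
    """Return a dict for one APIs line, or None if the line is not one."""
    m = API_LINE.match(line)
    if not m:
        return None
    raw_args = m.group("args")
    return {
        "name": m.group("name"),
        "module": m.group("module"),
        "args": raw_args.split(",") if raw_args else [],
        "ref": int(m.group("ref"), 16),
        "subcall": m.group("sub"),  # address of the callee when nested
    }


def api_words(name):
    """Significant CamelCase words of an API name, stop words removed."""
    return [w for w in CAMEL.findall(name) if w not in STOP_WORDS]


def api_id(names):
    """Rebuild the similarity API ID from the list of called API names.

    Words are counted once per call, grouped by count (descending), sorted
    alphabetically inside each group and the groups joined with "$".
    Counting a word shared by two different APIs together is an assumption.
    """
    counts = Counter()
    for name in names:
        for word in set(api_words(name)):
            counts[word] += 1
    groups = {}
    for word, n in counts.items():
        groups.setdefault(n, []).append(word)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))


def summarize(block):
    """Parse every APIs line in a record and return calls plus the rebuilt ID."""
    calls = [c for c in (parse_api_line(l) for l in block.splitlines()) if c]
    return {
        "calls": calls,
        "api_id": api_id(c["name"] for c in calls),
        "modules": sorted({c["module"] for c in calls}),
    }


# Constructed sample: the three APIs lines of the ShowWindow record on this page.
SAMPLE = """\
  • Part of subcall function 004235F8: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 0042360D
• ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
  • Part of subcall function 00423628: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 00423644
"""

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s["api_id"])  # InfoParametersSystem$ShowWindow
    for c in s["calls"]:
        print(f"{c['name']}.{c['module']} @ {c['ref']:08X} args={len(c['args'])} sub={c['subcall']}")
```

Feeding a record's APIs lines to `summarize` gives the same key the report prints under Similarity, so the key can be recomputed for functions pulled from a different tool's output and matched against this report without the hash values. The "API String ID" next to it is a numeric hash of that key combined with the String ID; its hash function is not visible on this page and is not reproduced here.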
                                                                                                            APIs
                                                                                                            • SetErrorMode.KERNEL32(?,0042E40D), ref: 0042E400
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorMode
                                                                                                            • String ID:
                                                                                                            • API String ID: 2340568224-0
                                                                                                            • Opcode ID: cb8e2ebd86b0ac1182f6c4657d989dfa6a466ad308997f4b3834ff3b1e7758f7
                                                                                                            • Instruction ID: 426ac138898b17598b25982f2c454791bd479401c65f9a69ae9baa170422678e
                                                                                                            • Opcode Fuzzy Hash: cb8e2ebd86b0ac1182f6c4657d989dfa6a466ad308997f4b3834ff3b1e7758f7
                                                                                                            • Instruction Fuzzy Hash: CDB09B7670C6105EE709D6D5B45552D63D4D7C57207E14477F010D2581D57D58054E18
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DestroyWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3375834691-0
                                                                                                            • Opcode ID: 1244af60e57b01067fe56da529b9c4312cbd500fa9ed17bad69dff1823a021af
                                                                                                            • Instruction ID: 4f6e5339ba6c71e81ef5aec1f6829bfe42d3c8de95bc03762545e97b2cddf6f9
                                                                                                            • Opcode Fuzzy Hash: 1244af60e57b01067fe56da529b9c4312cbd500fa9ed17bad69dff1823a021af
                                                                                                            • Instruction Fuzzy Hash: 1AA00275501500AADA00E7B5D849F7E2298BB44204FD905F9714897056C57C99008B55
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4b311c6ba27037e114d2a0e0a4cc9575de8b4ed7f96be8eb5d2287752a4e0dd9
                                                                                                            • Instruction ID: 41a6872630840156d23f43a697f0b10540748f54e9aa1b8241e7bbe25a2b1888
                                                                                                            • Opcode Fuzzy Hash: 4b311c6ba27037e114d2a0e0a4cc9575de8b4ed7f96be8eb5d2287752a4e0dd9
                                                                                                            • Instruction Fuzzy Hash: 73517574E002099FDB00EFA9C892AAFBBF5EB49314F50817AE500E7351DB389D41CB98
                                                                                                            APIs
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,0047DA68,?,?,?,?,00000000,00000000,00000000,00000000), ref: 0047DA22
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide
                                                                                                            • String ID:
                                                                                                            • API String ID: 626452242-0
                                                                                                            • Opcode ID: f00937e419430fadacdfb08ba868c06bfaea8747007b4ff93a078d6954f67ca3
                                                                                                            • Instruction ID: f29de2ad8c50687240b36adc22138c5273adba91495e2343049bdb371ee5aac2
                                                                                                            • Opcode Fuzzy Hash: f00937e419430fadacdfb08ba868c06bfaea8747007b4ff93a078d6954f67ca3
                                                                                                            • Instruction Fuzzy Hash: A051B6B0A14214AFDB10DF54D8C4B9ABBF8EF19308F108077E944A7391D738AE45CB6A
                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041EDA4,?,0042388F,00423C0C,0041EDA4), ref: 0041F3E2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: f624f178b2757757f6ee0ed82108e7e17b49aa81eb1cfd09d0e3ddd3732ee692
                                                                                                            • Instruction ID: 3312bc658de40493dbbbdb628fa1ac862c14c743cb2aabe02eeb7d71ec829e14
                                                                                                            • Opcode Fuzzy Hash: f624f178b2757757f6ee0ed82108e7e17b49aa81eb1cfd09d0e3ddd3732ee692
                                                                                                            • Instruction Fuzzy Hash: D5115A752007059BCB20DF19D880B82FBE5EF98390F10C53BE9688B385D3B4E8458BA9
                                                                                                            APIs
                                                                                                            • GetLastError.KERNEL32(00000000,0045302D), ref: 0045300F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 1452528299-0
                                                                                                            • Opcode ID: 796ee09302341f2f0fe022b6b7ad64e2259239b3e6510a293da86372227c0e6a
                                                                                                            • Instruction ID: b902f5f71593d0acd8113edc39c0d5725662cc955bae9521e0e34912f41e4d76
                                                                                                            • Opcode Fuzzy Hash: 796ee09302341f2f0fe022b6b7ad64e2259239b3e6510a293da86372227c0e6a
                                                                                                            • Instruction Fuzzy Hash: 850170356042486FC701DF699C008EEFBE8EB4D76171082B7FC24C3382D7345E059664
                                                                                                            APIs
                                                                                                            • VirtualFree.KERNEL32(?,?,00004000,?,?,?,?,?,00401973), ref: 00401766
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 1263568516-0
                                                                                                            • Opcode ID: 3cb279d385dc81f8188aef87182d0a586e7f532f71175ddb5b892d42a5daf7f8
                                                                                                            • Instruction ID: fd45504e6079eb3c344fd15592bdf3984e08e9418c18d248e8b2091ea2ac4f2a
                                                                                                            • Opcode Fuzzy Hash: 3cb279d385dc81f8188aef87182d0a586e7f532f71175ddb5b892d42a5daf7f8
                                                                                                            • Instruction Fuzzy Hash: A10120766443148FC3109F29EDC0E2677E8D794378F15453EDA85673A1D37A6C0187D8
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: 11f5b55454e2001d57305e4d26194660ee260494afc1ae4151642f59c6b90a28
                                                                                                            • Instruction ID: 073c3129693101c5e7833b7ffa09eca8aa7a1e81ff9bb2ce6bcaaab03392c7d4
                                                                                                            • Opcode Fuzzy Hash: 11f5b55454e2001d57305e4d26194660ee260494afc1ae4151642f59c6b90a28
                                                                                                            • Instruction Fuzzy Hash:
                                                                                                            APIs
                                                                                                            • GetVersion.KERNEL32(?,00418FF0,00000000,?,?,?,00000001), ref: 0041F126
                                                                                                            • SetErrorMode.KERNEL32(00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F142
                                                                                                            • LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F14E
                                                                                                            • SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F15C
                                                                                                            • GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F18C
                                                                                                            • GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1B5
                                                                                                            • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1CA
                                                                                                            • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1DF
                                                                                                            • GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1F4
                                                                                                            • GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F209
                                                                                                            • GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F21E
                                                                                                            • GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F233
                                                                                                            • GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F248
                                                                                                            • GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F25D
                                                                                                            • FreeLibrary.KERNEL32(00000001,?,00418FF0,00000000,?,?,?,00000001), ref: 0041F26F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$ErrorLibraryMode$FreeLoadVersion
                                                                                                            • String ID: BtnWndProc3d$CTL3D32.DLL$Ctl3DColorChange$Ctl3dAutoSubclass$Ctl3dCtlColorEx$Ctl3dDlgFramePaint$Ctl3dRegister$Ctl3dSubclassCtl$Ctl3dSubclassDlgEx$Ctl3dUnAutoSubclass$Ctl3dUnregister
                                                                                                            • API String ID: 2323315520-3614243559
                                                                                                            • Opcode ID: 62814c6def9f01bce39a36d2c4270fbdb1234b3c2cb706e68bb71ccad2797809
                                                                                                            • Instruction ID: e724c2aa341d6685c6ab1c4031cb88844a897dd828fe35f3324890dc483947ec
                                                                                                            • Opcode Fuzzy Hash: 62814c6def9f01bce39a36d2c4270fbdb1234b3c2cb706e68bb71ccad2797809
                                                                                                            • Instruction Fuzzy Hash: 8E314FB2640700ABEB01EBB9AC46A6B3794F328724741093FB508D7192D77C5C55CF5C
                                                                                                            APIs
                                                                                                            • GetTickCount.KERNEL32 ref: 0045847F
                                                                                                            • QueryPerformanceCounter.KERNEL32(02183858,00000000,00458712,?,?,02183858,00000000,?,00458E0E,?,02183858,00000000), ref: 00458488
                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(02183858,02183858), ref: 00458492
                                                                                                            • GetCurrentProcessId.KERNEL32(?,02183858,00000000,00458712,?,?,02183858,00000000,?,00458E0E,?,02183858,00000000), ref: 0045849B
                                                                                                            • CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 00458511
                                                                                                            • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,02183858,02183858), ref: 0045851F
                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000000,00499B10,00000003,00000000,00000000,00000000,004586CE), ref: 00458567
                                                                                                            • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,004586BD,?,00000000,C0000000,00000000,00499B10,00000003,00000000,00000000,00000000,004586CE), ref: 004585A0
                                                                                                              • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                            • CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458649
                                                                                                            • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0045867F
                                                                                                            • CloseHandle.KERNEL32(000000FF,004586C4,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 004586B7
                                                                                                              • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15,00000000), ref: 0045349F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                                                                            • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                                                                            • API String ID: 770386003-3271284199
                                                                                                            • Opcode ID: 9504134f1b0840cae109e3ce12893ae1ca881710e7b52e2eec49e0a39d18bb41
                                                                                                            • Instruction ID: 01244017a6d81f6d28e4b5174d8fffcdbc0783d4be9496fecaa57000614c8eca
                                                                                                            • Opcode Fuzzy Hash: 9504134f1b0840cae109e3ce12893ae1ca881710e7b52e2eec49e0a39d18bb41
                                                                                                            • Instruction Fuzzy Hash: 71711370A003449EDB10EF65CC45B9EBBF4EB15705F5084BAF918FB282DB7899448F69
                                                                                                            APIs
                                                                                                              • Part of subcall function 00477E90: GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02182BE0,?,?,?,02182BE0,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477EA9
                                                                                                              • Part of subcall function 00477E90: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00477EAF
                                                                                                              • Part of subcall function 00477E90: GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02182BE0,?,?,?,02182BE0,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477EC2
                                                                                                              • Part of subcall function 00477E90: CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02182BE0,?,?,?,02182BE0), ref: 00477EEC
                                                                                                              • Part of subcall function 00477E90: CloseHandle.KERNEL32(00000000,?,?,?,02182BE0,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477F0A
                                                                                                              • Part of subcall function 00477F68: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00477FFA,?,?,?,02182BE0,?,0047805C,00000000,00478172,?,?,-00000010,?), ref: 00477F98
                                                                                                            • ShellExecuteEx.SHELL32(0000003C), ref: 004780AC
                                                                                                            • GetLastError.KERNEL32(00000000,00478172,?,?,-00000010,?), ref: 004780B5
                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00478102
                                                                                                            • GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 00478126
                                                                                                            • CloseHandle.KERNEL32(00000000,00478157,00000000,00000000,000000FF,000000FF,00000000,00478150,?,00000000,00478172,?,?,-00000010,?), ref: 0047814A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Handle$CloseFile$AddressAttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcProcessShellWait
                                                                                                            • String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                                                                            • API String ID: 883996979-221126205
                                                                                                            • Opcode ID: 3f9d2181694077b21b868e71eca94cf7724c1513c234160a79aee89dede81d9c
                                                                                                            • Instruction ID: 4776828256a8cc8572350b5820200226dc7264e1f18f620f8b2e082d5f540a6f
                                                                                                            • Opcode Fuzzy Hash: 3f9d2181694077b21b868e71eca94cf7724c1513c234160a79aee89dede81d9c
                                                                                                            • Instruction Fuzzy Hash: 6E316670940208AEDB10EFE6C845ADEB7B8EB04318F90847FF518F7281DA7899058B59
                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 004229F4
                                                                                                            • ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,00422BBE), ref: 00422A04
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSendShowWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 1631623395-0
                                                                                                            • Opcode ID: feaf7eda56c5d7a46aeac68601ea302718d54c2d1d0da18b2df088f526b52f35
                                                                                                            • Instruction ID: 9e9026b6a08d43f4c34b0c014f83afec13b9727198b5f0eb67f7172f0d04fbcb
                                                                                                            • Opcode Fuzzy Hash: feaf7eda56c5d7a46aeac68601ea302718d54c2d1d0da18b2df088f526b52f35
                                                                                                            • Instruction Fuzzy Hash: 90915171B04214BFDB11EFA9DA86F9D77F4AB04304F5500BAF504AB392CB78AE419B58
                                                                                                            APIs
                                                                                                            • IsIconic.USER32(?), ref: 00418393
                                                                                                            • GetWindowPlacement.USER32(?,0000002C), ref: 004183B0
                                                                                                            • GetWindowRect.USER32(?), ref: 004183CC
                                                                                                            • GetWindowLongA.USER32(?,000000F0), ref: 004183DA
                                                                                                            • GetWindowLongA.USER32(?,000000F8), ref: 004183EF
                                                                                                            • ScreenToClient.USER32(00000000), ref: 004183F8
                                                                                                            • ScreenToClient.USER32(00000000,?), ref: 00418403
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ClientLongScreen$IconicPlacementRect
                                                                                                            • String ID: ,
                                                                                                            • API String ID: 2266315723-3772416878
                                                                                                            • Opcode ID: 093fbc58c9f2bb22a74bd7cb36b3f86111f4d6c014dbe9a16a5ffda61369e0f0
                                                                                                            • Instruction ID: 8875a2d430ef8be2c5346fa25315cde737655516302bc4d2344e38a88124d083
                                                                                                            • Opcode Fuzzy Hash: 093fbc58c9f2bb22a74bd7cb36b3f86111f4d6c014dbe9a16a5ffda61369e0f0
                                                                                                            • Instruction Fuzzy Hash: 2B112B71505201ABEB00DF69C885F9B77E8AF48314F04067EFD58DB296D738D900CB65
                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32(00000028), ref: 004555F3
                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004555F9
                                                                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00455612
                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 00455639
                                                                                                            • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0045563E
                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 0045564F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                            • String ID: SeShutdownPrivilege
                                                                                                            • API String ID: 107509674-3733053543
                                                                                                            • Opcode ID: 71598a6bdd6d5fb56d5762fa92910e3e26de8c4971b3032dc2bdc18874b6a41e
                                                                                                            • Instruction ID: 23182b732e3c774e917f784577cc733395bd6f0e504c2650860deaf78f25ff04
                                                                                                            • Opcode Fuzzy Hash: 71598a6bdd6d5fb56d5762fa92910e3e26de8c4971b3032dc2bdc18874b6a41e
                                                                                                            • Instruction Fuzzy Hash: CBF0C870294B41B9EA10A6718C17F3B21C89B40709F80083ABD05E90D3D7BDD40C4A2E
                                                                                                            APIs
                                                                                                            • GetProcAddress.KERNEL32(10000000,ISCryptGetVersion), ref: 0045CFE1
                                                                                                            • GetProcAddress.KERNEL32(10000000,ArcFourInit), ref: 0045CFF1
                                                                                                            • GetProcAddress.KERNEL32(10000000,ArcFourCrypt), ref: 0045D001
                                                                                                            • ISCryptGetVersion._ISCRYPT(10000000,ArcFourCrypt,10000000,ArcFourInit,10000000,ISCryptGetVersion,?,0047F453,00000000,0047F47C), ref: 0045D026
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$CryptVersion
                                                                                                            • String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
                                                                                                            • API String ID: 1951258720-508647305
                                                                                                            • Opcode ID: 6bea81dda9fbb2f0804f4d34ed7f3fdf770b10932dc8999661774a36d6befbc1
                                                                                                            • Instruction ID: 053e23ae93e59936775da3b85939a49c1ec117bb16e32bace9e6a444f988995f
                                                                                                            • Opcode Fuzzy Hash: 6bea81dda9fbb2f0804f4d34ed7f3fdf770b10932dc8999661774a36d6befbc1
                                                                                                            • Instruction Fuzzy Hash: 3EF0F9B0980700CBE728EFB6ACC67263795EB9570AF14813BA808A11E2D7780499CB1C
                                                                                                            APIs
                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,00497D52,?,?,00000000,0049B628,?,00497EDC,00000000,00497F30,?,?,00000000,0049B628), ref: 00497C6B
                                                                                                            • SetFileAttributesA.KERNEL32(00000000,00000010), ref: 00497CEE
                                                                                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,00497D2A,?,00000000,?,00000000,00497D52,?,?,00000000,0049B628,?,00497EDC,00000000), ref: 00497D06
                                                                                                            • FindClose.KERNEL32(000000FF,00497D31,00497D2A,?,00000000,?,00000000,00497D52,?,?,00000000,0049B628,?,00497EDC,00000000,00497F30), ref: 00497D24
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstNext
• String ID: isRS-$isRS-???.tmp
• API String ID: 134685335-3422211394
• Opcode ID: 364c0e76f2c6b87ee015195f117b48597cda05d20fe84bdce713179882c005fd
• Instruction ID: 58584d30a9cebb9496c34c78ac808807487b68c9e5340ea926fa5a91c3adbdad
• Opcode Fuzzy Hash: 364c0e76f2c6b87ee015195f117b48597cda05d20fe84bdce713179882c005fd
• Instruction Fuzzy Hash: 22316571A146086BDF10EF65CC41ADEBBBCDF49304F5085BBA908A32A1E63C9E458F58
APIs
• PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0045745D
• PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457484
• SetForegroundWindow.USER32(?), ref: 00457495
• NtdllDefWindowProc_A.USER32(00000000,?,?,?,00000000,0045776F,?,00000000,004577AB), ref: 0045775A
Strings
• Cannot evaluate variable because [Code] isn't running yet, xrefs: 004575DA
Similarity
• API ID: MessagePostWindow$ForegroundNtdllProc_
• String ID: Cannot evaluate variable because [Code] isn't running yet
• API String ID: 2236967946-3182603685
• Opcode ID: 6bd6caa41a15310477e83bc0a49d1206285915d7cd4776c217e2dcd25b97f1c8
• Instruction ID: fa7acb0e2d6b8d582b6902519899a90ae2b0afcf3fbb82d78ce799b77582f668
• Opcode Fuzzy Hash: 6bd6caa41a15310477e83bc0a49d1206285915d7cd4776c217e2dcd25b97f1c8
• Instruction Fuzzy Hash: DF91D134608204EFD715CF69E991F5ABBF9FB49704F2180BAEC0497792D638AE04DB58
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,00455F4B), ref: 00455E3C
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00455E42
Strings
Similarity
• API ID: AddressHandleModuleProc
• String ID: GetDiskFreeSpaceExA$kernel32.dll
• API String ID: 1646373207-3712701948
• Opcode ID: 425acd45c57e1a90a14b519a9b70c26380c560e6a4faa307eedde0d31f767984
• Instruction ID: d81c9a8c7c52065d28d66f53e81ce4f313aa74f068c2efe820cb9bfc493487ae
• Opcode Fuzzy Hash: 425acd45c57e1a90a14b519a9b70c26380c560e6a4faa307eedde0d31f767984
• Instruction Fuzzy Hash: B0418671A04649AFCF01EFA5C8929EEB7B8EF48305F504567F804F7292D67C5E098B68
APIs
• IsIconic.USER32(?), ref: 00417D0F
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D2D
• GetWindowPlacement.USER32(?,0000002C), ref: 00417D63
• SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D8A
Strings
Similarity
• API ID: Window$Placement$Iconic
• String ID: ,
• API String ID: 568898626-3772416878
• Opcode ID: a0af22d6e47f15c5c805b34526d81a80d06eca119401db975a7b3104afeb2d4e
• Instruction ID: e85585575f8c5a3e7823c55acc6b28d6d187d41511fbfc80546af44b70413e2d
• Opcode Fuzzy Hash: a0af22d6e47f15c5c805b34526d81a80d06eca119401db975a7b3104afeb2d4e
• Instruction Fuzzy Hash: 4C2112716042089BDF10EF69D8C1AEA77B8AF48314F05456AFD18DF346D678DD84CBA8
APIs
• SetErrorMode.KERNEL32(00000001,00000000,00463D0D), ref: 00463B81
• FindFirstFileA.KERNEL32(00000000,?,00000000,00463CE0,?,00000001,00000000,00463D0D), ref: 00463C10
• FindNextFileA.KERNEL32(000000FF,?,00000000,00463CC2,?,00000000,?,00000000,00463CE0,?,00000001,00000000,00463D0D), ref: 00463CA2
• FindClose.KERNEL32(000000FF,00463CC9,00463CC2,?,00000000,?,00000000,00463CE0,?,00000001,00000000,00463D0D), ref: 00463CBC
Similarity
• API ID: Find$File$CloseErrorFirstModeNext
• String ID:
• API String ID: 4011626565-0
• Opcode ID: ea3eed7d1408edc3882bc6792a8114668d7e879bec7624fad3ea01842ef17e57
• Instruction ID: 951735f7a3c6dd48f486321ddf7fb9c00a217b4e97ee71939f184256b73d479b
• Opcode Fuzzy Hash: ea3eed7d1408edc3882bc6792a8114668d7e879bec7624fad3ea01842ef17e57
• Instruction Fuzzy Hash: 2B41A871A00A58AFCB10EF65DC45ADDB7B8EB88706F4044BAF404B7381E67C9F488E59
APIs
• SetErrorMode.KERNEL32(00000001,00000000,004641B3), ref: 00464041
• FindFirstFileA.KERNEL32(00000000,?,00000000,0046417E,?,00000001,00000000,004641B3), ref: 00464087
• FindNextFileA.KERNEL32(000000FF,?,00000000,00464160,?,00000000,?,00000000,0046417E,?,00000001,00000000,004641B3), ref: 0046413C
• FindClose.KERNEL32(000000FF,00464167,00464160,?,00000000,?,00000000,0046417E,?,00000001,00000000,004641B3), ref: 0046415A
Similarity
• API ID: Find$File$CloseErrorFirstModeNext
• String ID:
• API String ID: 4011626565-0
• Opcode ID: 178f21a278dbeca0b5487afb4cc8a3a474e9964bec91cf1fa54baf1df103d301
• Instruction ID: 3e1e9a66f2526eb02ce93895e5fa1006c5947d115418489384634c6f5ce8cf05
• Opcode Fuzzy Hash: 178f21a278dbeca0b5487afb4cc8a3a474e9964bec91cf1fa54baf1df103d301
• Instruction Fuzzy Hash: 7341A434B00A58AFCF11EF65CC859DEB7B9EBC8305F4044AAF804A7341E6389E848E49
APIs
• CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E956
• DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 0042E981
• GetLastError.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E98E
• CloseHandle.KERNEL32(00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E996
• SetLastError.KERNEL32(00000000,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F3F,00000000,00452F60), ref: 0042E99C
Similarity
• API ID: ErrorLast$CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 1177325624-0
• Opcode ID: 00c40fca2cfdd97ba02e44e9efda7f487b55ec81a2bcf6d63bb4130569f45397
• Instruction ID: 661b18b1de4eb1238568a50ab540e77c3175952f9b14320adb6d96c9b056064d
• Opcode Fuzzy Hash: 00c40fca2cfdd97ba02e44e9efda7f487b55ec81a2bcf6d63bb4130569f45397
• Instruction Fuzzy Hash: 80F090B23A17207AF620B57A5C86F7F418CCB89B68F10423BBA04FF1D1D9A85D0555AD
APIs
• IsIconic.USER32(?), ref: 0048345E
• GetWindowLongA.USER32(00000000,000000F0), ref: 0048347C
• ShowWindow.USER32(00000000,00000005,00000000,000000F0,0049C0A4,0048293A,0048296E,00000000,0048298E,?,?,?,0049C0A4), ref: 0048349E
• ShowWindow.USER32(00000000,00000000,00000000,000000F0,0049C0A4,0048293A,0048296E,00000000,0048298E,?,?,?,0049C0A4), ref: 004834B2
Similarity
• API ID: Window$Show$IconicLong
• String ID:
• API String ID: 2754861897-0
• Opcode ID: 7adc6d23a2e45bfcb47f86f15328f2256524f13007b9a6bd5233fe1c8f26e82e
• Instruction ID: b2d3f2bb309dc3ccac68fe08692f7b65e7038161d92c55b9b58b225abec03440
• Opcode Fuzzy Hash: 7adc6d23a2e45bfcb47f86f15328f2256524f13007b9a6bd5233fe1c8f26e82e
• Instruction Fuzzy Hash: 750152706012409AE601BFE59D8AB5A26C55F10F49F18087BB9009F2A2DA2DDA858B1C
APIs
• FindFirstFileA.KERNEL32(00000000,?,00000000,00462698), ref: 0046261C
• FindNextFileA.KERNEL32(000000FF,?,00000000,00462678,?,00000000,?,00000000,00462698), ref: 00462658
• FindClose.KERNEL32(000000FF,0046267F,00462678,?,00000000,?,00000000,00462698), ref: 00462672
                                                                                                            Similarity
                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                            • String ID:
                                                                                                            • API String ID: 3541575487-0
                                                                                                            • Opcode ID: e94515bc2c8b3d54fda8ee7ea50903a5de584af26bf4ddc4af921dcd62f8e3d1
                                                                                                            • Instruction ID: 64bef34161faf0391a99b618d3e767a3fd2d5c762390acd0a64fbb4d401bfb5a
                                                                                                            • Opcode Fuzzy Hash: e94515bc2c8b3d54fda8ee7ea50903a5de584af26bf4ddc4af921dcd62f8e3d1
                                                                                                            • Instruction Fuzzy Hash: E921D831904B147ECB11EB65DC41ADEB7ACDB49304F5084F7F808E22A1E6B89E548F5A
                                                                                                            APIs
                                                                                                            • IsIconic.USER32(?), ref: 004241E4
                                                                                                            • SetActiveWindow.USER32(?,?,?,0046CBC7), ref: 004241F1
                                                                                                              • Part of subcall function 0042364C: ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                                              • Part of subcall function 00423B14: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,021825AC,0042420A,?,?,?,0046CBC7), ref: 00423B4F
                                                                                                            • SetFocus.USER32(00000000,?,?,?,0046CBC7), ref: 0042421E
                                                                                                            Similarity
                                                                                                            • API ID: Window$ActiveFocusIconicShow
                                                                                                            • String ID:
                                                                                                            • API String ID: 649377781-0
                                                                                                            • Opcode ID: 1be179083055f96161d8b165ddd04f1e3bd56871e014c6a07f585ac04199aa1a
                                                                                                            • Instruction ID: c953833529836f01456b8f788e47b4b7c36f7a841d6c6df07f57e62630513da6
                                                                                                            • Opcode Fuzzy Hash: 1be179083055f96161d8b165ddd04f1e3bd56871e014c6a07f585ac04199aa1a
                                                                                                            • Instruction Fuzzy Hash: 8CF030B170012097CB10BFAAA8C5B9676A8AB48344F5500BBBD05DF357CA7CDC018778
                                                                                                            APIs
                                                                                                            • IsIconic.USER32(?), ref: 00417D0F
                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D2D
                                                                                                            • GetWindowPlacement.USER32(?,0000002C), ref: 00417D63
                                                                                                            • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D8A
                                                                                                            Similarity
                                                                                                            • API ID: Window$Placement$Iconic
                                                                                                            • String ID:
                                                                                                            • API String ID: 568898626-0
                                                                                                            • Opcode ID: 76c66e33316401a89d3facc50d11a2b6f1ba08a7ab00baf439cd89f832e1e53a
                                                                                                            • Instruction ID: d9358ea7cd183770b33139a8ac7b7a0a70302bd2c01e5fc8313c3e2814ac7f2c
                                                                                                            • Opcode Fuzzy Hash: 76c66e33316401a89d3facc50d11a2b6f1ba08a7ab00baf439cd89f832e1e53a
                                                                                                            • Instruction Fuzzy Hash: 33012C71204108ABDB10EE59D8C1EF673A8AF45724F154566FD19DF242D639ED8087A8
                                                                                                            APIs
                                                                                                            Similarity
                                                                                                            • API ID: CaptureIconic
                                                                                                            • String ID:
                                                                                                            • API String ID: 2277910766-0
                                                                                                            • Opcode ID: c22591b8c3f2be6e3e416ff0957708157ed46c57fff49ed7de8fa542590db40d
                                                                                                            • Instruction ID: 6cb7601519473143bf4e876ebf6758ccc8fc4fa751d6c6e0357a6193460a6b05
                                                                                                            • Opcode Fuzzy Hash: c22591b8c3f2be6e3e416ff0957708157ed46c57fff49ed7de8fa542590db40d
                                                                                                            • Instruction Fuzzy Hash: 0AF0A4723056425BD730AB2EC984AB762F69F84314B14403BE419CBFA1EB3CDCC08798
                                                                                                            APIs
                                                                                                            • IsIconic.USER32(?), ref: 0042419B
                                                                                                              • Part of subcall function 00423A84: EnumWindows.USER32(00423A1C), ref: 00423AA8
                                                                                                              • Part of subcall function 00423A84: GetWindow.USER32(?,00000003), ref: 00423ABD
                                                                                                              • Part of subcall function 00423A84: GetWindowLongA.USER32(?,000000EC), ref: 00423ACC
                                                                                                              • Part of subcall function 00423A84: SetWindowPos.USER32(00000000,\AB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241AB,?,?,00423D73), ref: 00423B02
                                                                                                            • SetActiveWindow.USER32(?,?,?,00423D73,00000000,0042415C), ref: 004241AF
                                                                                                              • Part of subcall function 0042364C: ShowWindow.USER32(00410460,00000009,?,00000000,0041EDA4,0042393A,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C0C), ref: 00423667
                                                                                                            Similarity
                                                                                                            • API ID: Window$ActiveEnumIconicLongShowWindows
                                                                                                            • String ID:
                                                                                                            • API String ID: 2671590913-0
                                                                                                            • Opcode ID: b2ff140757208bd7b7cc33ac29151dbeb423d1cdddd3b288bc041a56f1810338
                                                                                                            • Instruction ID: ce5d4440ec1c13bcfda566247f28ea27228b22b89c70f7a48f218b5e8bc86154
                                                                                                            • Opcode Fuzzy Hash: b2ff140757208bd7b7cc33ac29151dbeb423d1cdddd3b288bc041a56f1810338
                                                                                                            • Instruction Fuzzy Hash: 55E01AA070011087DB10AFAADCC8B9632A9BB48304F55017ABD49CF35BD63CC8608724
                                                                                                            APIs
                                                                                                            • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,004127D5), ref: 004127C3
                                                                                                            Similarity
                                                                                                            • API ID: NtdllProc_Window
                                                                                                            • String ID:
                                                                                                            • API String ID: 4255912815-0
                                                                                                            • Opcode ID: 120c9c179850e2d77f2b5158c289480559fb4752f9becda92d3f5c4f199058c9
                                                                                                            • Instruction ID: 2c049f03cfb376e3baa0368465928f91904f6d03483072bf0e6cb5f6a46bccc5
                                                                                                            • Opcode Fuzzy Hash: 120c9c179850e2d77f2b5158c289480559fb4752f9becda92d3f5c4f199058c9
                                                                                                            • Instruction Fuzzy Hash: 4A5102357082048FD710DB6ADA80A9BF3E5EF98314B2082BBD814C77A1D7B8AD91C75D
                                                                                                            APIs
                                                                                                            • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0047872E
                                                                                                            Similarity
                                                                                                            • API ID: NtdllProc_Window
                                                                                                            • String ID:
                                                                                                            • API String ID: 4255912815-0
                                                                                                            • Opcode ID: 10ca812e3c548e1abffc20113ea3ec26250c704f28d0c7929afa756ed2071b4a
                                                                                                            • Instruction ID: 93be4e423146f0b72d2fb04b2818289b08cc6f156d75f667f85849a608f59376
                                                                                                            • Opcode Fuzzy Hash: 10ca812e3c548e1abffc20113ea3ec26250c704f28d0c7929afa756ed2071b4a
                                                                                                            • Instruction Fuzzy Hash: 81416979604104EFCB10CF99D6889AAB7F5FB48310B74C5AAE809EB701DB38EE41DB55
                                                                                                            APIs
                                                                                                            • ArcFourCrypt._ISCRYPT(?,?,?,?), ref: 0045D097
                                                                                                            Similarity
                                                                                                            • API ID: CryptFour
                                                                                                            • String ID:
                                                                                                            • API String ID: 2153018856-0
                                                                                                            • Opcode ID: 47a938482607ff708c7ba3b07c2d2a6c765e1a89700bf01dade5fb09ed1c08ae
                                                                                                            • Instruction ID: 2e238a974be0c8424367b3c35ccc205e7f0a308c5ec670be841bb4718b7179ff
                                                                                                            • Opcode Fuzzy Hash: 47a938482607ff708c7ba3b07c2d2a6c765e1a89700bf01dade5fb09ed1c08ae
                                                                                                            • Instruction Fuzzy Hash: 37C09BF200420CBF660057D5ECC9C77B75CF6586547508126F6048210195726C104574
                                                                                                            APIs
                                                                                                            • ArcFourCrypt._ISCRYPT(?,00000000,00000000,000003E8,0046D988,?,0046DB69), ref: 0045D0AA
                                                                                                            Similarity
                                                                                                            • API ID: CryptFour
                                                                                                            • String ID:
                                                                                                            • API String ID: 2153018856-0
                                                                                                            • Opcode ID: d02f27854c06b9b5253a86ca74e309db13f969305959900ff247638bb6719fe3
                                                                                                            • Instruction ID: 227689971defb3a768f182aa15824e3680876923b4d994b81e1676941902ce31
                                                                                                            • Opcode Fuzzy Hash: d02f27854c06b9b5253a86ca74e309db13f969305959900ff247638bb6719fe3
                                                                                                            • Instruction Fuzzy Hash: 9DA002B0A80300BAFD2057B05D4EF26352CA7D0F05F708465B202EA0D085A56410852C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3479467522.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3479332213.0000000010000000.00000002.00000001.01000000.00000007.sdmp
                                                                                                             • Associated: 00000001.00000002.3479592771.0000000010002000.00000002.00000001.01000000.00000007.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_10000000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
                                                                                                            • Instruction ID: 1c94840b05858ddf3503627acbaac9226f9c4a6e1659969bf0a936c2f155f8a0
                                                                                                            • Opcode Fuzzy Hash: 550b9f88123d0c3b213a5d4b99e682963a3eaac5120c60ac7846f9a0f3bba5ba
                                                                                                            • Instruction Fuzzy Hash: FF11303254D3D28FC305CF2894506D6FFE4AF6A640F194AAEE1D45B203C2659549C7A2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3479467522.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3479332213.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3479592771.0000000010002000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_10000000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
                                                                                                            • Instruction ID: 837d35c9df4effc004866add7a9100bdfed479f04b3922bb4bd4c5469ecd81ba
                                                                                                            • Opcode Fuzzy Hash: aff350dcda9d135b5489d453054620cf61adfe11cc5af5bb48cdce25d513e1a9
                                                                                                            • Instruction Fuzzy Hash:
APIs
  • Part of subcall function 0044B604: GetVersionExA.KERNEL32(00000094), ref: 0044B621
• LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00498762), ref: 0044B67F
• GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B697
• GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A9
• GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6BB
• GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6CD
• GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6DF
• GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6F1
• GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B703
• GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B715
• GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B727
• GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B739
• GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B74B
• GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B75D
• GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B76F
• GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B781
• GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B793
• GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7A5
• GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7B7
• GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0044B7C9
• GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0044B7DB
• GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0044B7ED
• GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0044B7FF
• GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0044B811
• GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0044B823
• GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0044B835
• GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0044B847
• GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0044B859
• GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0044B86B
• GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0044B87D
• GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0044B88F
• GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0044B8A1
• GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0044B8B3
• GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0044B8C5
• GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0044B8D7
• GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0044B8E9
• GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0044B8FB
• GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0044B90D
• GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0044B91F
• GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0044B931
• GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0044B943
• GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0044B955
• GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0044B967
• GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0044B979
• GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0044B98B
• GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0044B99D
• GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0044B9AF
• GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0044B9C1
• GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0044B9D3
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: AddressProc$LibraryLoadVersion
• String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
APIs
• GetDC.USER32(00000000), ref: 0041CA40
• CreateCompatibleDC.GDI32(?), ref: 0041CA4C
• CreateBitmap.GDI32(0041A944,?,00000001,00000001,00000000), ref: 0041CA70
• CreateCompatibleBitmap.GDI32(?,0041A944,?), ref: 0041CA80
• SelectObject.GDI32(0041CE3C,00000000), ref: 0041CA9B
• FillRect.USER32(0041CE3C,?,?), ref: 0041CAD6
• SetTextColor.GDI32(0041CE3C,00000000), ref: 0041CAEB
• SetBkColor.GDI32(0041CE3C,00000000), ref: 0041CB02
• PatBlt.GDI32(0041CE3C,00000000,00000000,0041A944,?,00FF0062), ref: 0041CB18
• CreateCompatibleDC.GDI32(?), ref: 0041CB2B
• SelectObject.GDI32(00000000,00000000), ref: 0041CB5C
• SelectPalette.GDI32(00000000,00000000,00000001), ref: 0041CB74
• RealizePalette.GDI32(00000000), ref: 0041CB7D
• SelectPalette.GDI32(0041CE3C,00000000,00000001), ref: 0041CB8C
• RealizePalette.GDI32(0041CE3C), ref: 0041CB95
• SetTextColor.GDI32(00000000,00000000), ref: 0041CBAE
• SetBkColor.GDI32(00000000,00000000), ref: 0041CBC5
• BitBlt.GDI32(0041CE3C,00000000,00000000,0041A944,?,00000000,00000000,00000000,00CC0020), ref: 0041CBE1
• SelectObject.GDI32(00000000,?), ref: 0041CBEE
• DeleteDC.GDI32(00000000), ref: 0041CC04
  • Part of subcall function 0041A058: GetSysColor.USER32(?), ref: 0041A062
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ColorSelect$CreatePalette$CompatibleObject$BitmapRealizeText$DeleteFillRect
• String ID:
APIs
• ShowWindow.USER32(?,00000005,00000000,004982D8,?,?,00000000,?,00000000,00000000,?,0049868F,00000000,00498699,?,00000000), ref: 00497FC3
• CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004982D8,?,?,00000000,?,00000000,00000000,?,0049868F,00000000), ref: 00497FD6
• ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004982D8,?,?,00000000,?,00000000,00000000), ref: 00497FE6
• MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00498007
• ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004982D8,?,?,00000000,?,00000000), ref: 00498017
  • Part of subcall function 0042D44C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4DA,?,?,?,00000001,?,0045607E,00000000,004560E6), ref: 0042D481
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
• String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
APIs
• GetLastError.KERNEL32(00000000,0045A7E4,?,?,?,?,?,00000006,?,00000000,004973CD,?,00000000,00497470), ref: 0045A696
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ErrorLast
• String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
APIs
• GetVersion.KERNEL32 ref: 0045CA2A
• GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045CA4A
• GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 0045CA57
• GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoW), ref: 0045CA64
• GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045CA72
  • Part of subcall function 0045C918: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0045C9B7,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0045C991
• AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CC65,?,?,00000000), ref: 0045CB2B
• GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CC65,?,?,00000000), ref: 0045CB34
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: AddressProc$AllocateByteCharErrorHandleInitializeLastModuleMultiVersionWide
• String ID: GetNamedSecurityInfoW$SetEntriesInAclW$SetNamedSecurityInfoW$W$advapi32.dll
• API String ID: 59345061-4263478283
• Opcode ID: 551fcf749c72914a38171c600357803e83c81dab8682d1b21c615cfe1b656b91
• Instruction ID: 9267600119b74d5c47b6def8195b3f0e3f25b5cd065e112b6ecb42d85fa503a5
• Opcode Fuzzy Hash: 551fcf749c72914a38171c600357803e83c81dab8682d1b21c615cfe1b656b91
• Instruction Fuzzy Hash: B1518571900708EFDB11DFA9C885BAEBBB8EB4C311F14806AF915B7241C6799944CFA9
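The record above is the one behind the "Contains functionality to dynamically determine API calls" signature: the function takes a handle to advapi32.dll and resolves GetNamedSecurityInfoW, SetNamedSecurityInfoW and SetEntriesInAclW through GetProcAddress, so those names never appear in the PE import table. When triaging many such records it helps to parse them rather than read them. The following Python is an added example, not part of the Joe Sandbox report and not a Joe Sandbox tool: it parses the "APIs / Strings / Similarity" record layout as it appears on this page into structured data and lists the run-time-resolved export names and loaded DLLs per function. The record layout is assumed from this listing, and SAMPLE is constructed from two of the records shown on this page (argument lists shortened).

```python
"""Parse Joe Sandbox function records into structured data and report
imports that a function resolves at run time via GetProcAddress.

Added example; the record layout is assumed from the listing on this page.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: two records in the layout used by the report above.
SAMPLE = """\
APIs
• GetVersion.KERNEL32 ref: 0045CA2A
• GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045CA4A
• GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 0045CA57
• GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoW), ref: 0045CA64
• GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045CA72
  • Part of subcall function 0045C918: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000), ref: 0045C991
• AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0045CB2B
• GetLastError.KERNEL32(?,?,?,00000000), ref: 0045CB34
Similarity
• API ID: AddressProc$AllocateByteCharErrorHandleInitializeLastModuleMultiVersionWide
• String ID: GetNamedSecurityInfoW$SetEntriesInAclW$SetNamedSecurityInfoW$W$advapi32.dll
• API String ID: 59345061-4263478283
APIs
• CloseHandle.KERNEL32(?), ref: 004588CB
• TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 004588E7
• WaitForSingleObject.KERNEL32(?,00002710,?), ref: 004588F5
• GetExitCodeProcess.KERNEL32(?), ref: 00458906
Strings
• Helper process exited with failure code: 0x%x, xrefs: 00458933
• Stopping 64-bit helper process. (PID: %u), xrefs: 004588BD
• Helper process exited., xrefs: 00458915
"""

SECTION_HEADERS = {"APIs", "Strings", "Similarity", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin"}

# "• Name.MODULE(arg,arg), ref: ADDR"; the parenthesised argument list and the
# "Part of subcall function ADDR:" prefix are both optional.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
STRING_RE = re.compile(r"^\s*•\s*(?P<text>.*?), xrefs: (?P<ref>[0-9A-Fa-f]{8})\s*$")
SIM_RE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list                         # argument tokens as printed; '?' is unknown
    ref: str                           # address of the call site
    subcall_of: Optional[str] = None   # set when the call sits in a callee


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)     # (text, xref) pairs
    similarity: dict = field(default_factory=dict)  # e.g. 'API String ID'


def parse_records(text: str) -> list:
    """Split the text into records (one per 'APIs' header) and parse each."""
    records, section, rec = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTION_HEADERS:
            if line == "APIs":
                rec = FunctionRecord()
                records.append(rec)
            section = line
            continue
        if rec is None:
            continue
        if section == "APIs" and (m := API_RE.match(raw)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            rec.apis.append(ApiCall(m["name"], m["module"].upper(), args,
                                    m["ref"].upper(), m["sub"]))
        elif section == "Strings" and (m := STRING_RE.match(raw)):
            rec.strings.append((m["text"], m["ref"].upper()))
        elif section == "Similarity" and (m := SIM_RE.match(raw)):
            rec.similarity[m["key"]] = m["val"].strip()
    return records


def dynamically_resolved(rec: FunctionRecord) -> list:
    """Export names this function looks up through GetProcAddress at run time
    (absent from the PE import table). Calls inside subcalls are skipped."""
    return [c.args[1] for c in rec.apis
            if c.name == "GetProcAddress" and len(c.args) >= 2 and c.subcall_of is None]


def loaded_modules(rec: FunctionRecord) -> list:
    """DLL names handed to GetModuleHandle*/LoadLibrary* in this function."""
    return [c.args[0] for c in rec.apis
            if c.name.startswith(("GetModuleHandle", "LoadLibrary")) and c.args]


if __name__ == "__main__":
    for i, rec in enumerate(parse_records(SAMPLE)):
        print(f"record {i}: {len(rec.apis)} API calls, {len(rec.strings)} strings")
        for dll in loaded_modules(rec):
            print("  loads", dll)
        for name in dynamically_resolved(rec):
            print("  resolves", name, "at run time")
```

Feed it the text of a whole function listing (after stripping page layout) and the names returned by dynamically_resolved are the ones to check against the sample's import table; anything present here but absent there is deliberately hidden from static import analysis.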
APIs
• CoCreateInstance.OLE32(00499A74,00000000,00000001,00499774,?,00000000,004568A1), ref: 004565A6
• CoCreateInstance.OLE32(00499764,00000000,00000001,00499774,?,00000000,004568A1), ref: 004565CC
• SysFreeString.OLEAUT32(?), ref: 00456759
Strings
• IPropertyStore::Commit, xrefs: 004567A9
• IPersistFile::Save, xrefs: 00456828
• IShellLink::QueryInterface(IID_IPersistFile), xrefs: 004567CA
• CoCreateInstance, xrefs: 004565D7
• IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning), xrefs: 004566EF
• IShellLink::QueryInterface(IID_IPropertyStore), xrefs: 004566BB
• IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall), xrefs: 00456790
• IPropertyStore::SetValue(PKEY_AppUserModel_ID), xrefs: 0045673E
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CreateInstance$FreeString
• String ID: CoCreateInstance$IPersistFile::Save$IPropertyStore::Commit$IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall)$IPropertyStore::SetValue(PKEY_AppUserModel_ID)$IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning)$IShellLink::QueryInterface(IID_IPersistFile)$IShellLink::QueryInterface(IID_IPropertyStore)
• API String ID: 308859552-3936712486
• Opcode ID: c517585abefeef5e4aecaacf0f1214f05652fa0e4087abcedef047af4287d9d3
• Instruction ID: 8ea5dda7a560ded85d07eb9974ca036a449deae5e5e286e87ef099e1c3d3d79c
• Opcode Fuzzy Hash: c517585abefeef5e4aecaacf0f1214f05652fa0e4087abcedef047af4287d9d3
• Instruction Fuzzy Hash: 70A12171A00105AFDB50DFA9C885BAE77F8EF09306F55406AF904E7262DB38DD48CB69
APIs
• CreateCompatibleDC.GDI32(00000000), ref: 0041B3C3
• CreateCompatibleDC.GDI32(00000000), ref: 0041B3CD
• GetObjectA.GDI32(?,00000018,00000004), ref: 0041B3DF
• CreateBitmap.GDI32(0000000B,?,00000001,00000001,00000000), ref: 0041B3F6
• GetDC.USER32(00000000), ref: 0041B402
• CreateCompatibleBitmap.GDI32(00000000,0000000B,?), ref: 0041B42F
• ReleaseDC.USER32(00000000,00000000), ref: 0041B455
• SelectObject.GDI32(00000000,?), ref: 0041B470
• SelectObject.GDI32(?,00000000), ref: 0041B47F
• StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4AB
• SelectObject.GDI32(00000000,00000000), ref: 0041B4B9
• SelectObject.GDI32(?,00000000), ref: 0041B4C7
• DeleteDC.GDI32(00000000), ref: 0041B4D0
• DeleteDC.GDI32(?), ref: 0041B4D9
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Object$CreateSelect$Compatible$BitmapDelete$ReleaseStretch
• String ID:
• API String ID: 644427674-0
• Opcode ID: 9212dc48eb065078ffd6e64a0fe4b3e7e755c3ed7e1f96497366cc94fc87ddf9
• Instruction ID: 0f3e5998203d07172116f12fa3fedaa120d09cd030f2870c51d139f455c41937
• Opcode Fuzzy Hash: 9212dc48eb065078ffd6e64a0fe4b3e7e755c3ed7e1f96497366cc94fc87ddf9
• Instruction Fuzzy Hash: E941AD71E44619AFDB10DAE9C846FEFB7BCEB08704F104466B614F7281D6786D408BA8
APIs
  • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
• WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00472B74
• SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 00472C7B
• SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 00472C91
• SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 00472CB6
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
• String ID: .lnk$.pif$.url$Desktop.ini$Filename: %s$target.lnk${group}\
• API String ID: 971782779-3668018701
• Opcode ID: f320f92f694209bf3d87b242267b6161fd66681942871ca2a5a7eb633dffa5fc
• Instruction ID: 488d38facc3b5b4348deb9d7b7a0b4180c51b54c04cb4348039bcbbbcac6ad39
• Opcode Fuzzy Hash: f320f92f694209bf3d87b242267b6161fd66681942871ca2a5a7eb633dffa5fc
• Instruction Fuzzy Hash: 62D13574A001499FDB11EFA9D981BDDBBF5AF08304F50806AF904B7392C778AE45CB69
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
• RegQueryValueExA.ADVAPI32(0045A9BA,00000000,00000000,?,00000000,?,00000000,00454B0D,?,0045A9BA,00000003,00000000,00000000,00454B44), ref: 0045498D
  • Part of subcall function 0042E8C8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
• RegQueryValueExA.ADVAPI32(0045A9BA,00000000,00000000,00000000,?,00000004,00000000,00454A57,?,0045A9BA,00000000,00000000,?,00000000,?,00000000), ref: 00454A11
• RegQueryValueExA.ADVAPI32(0045A9BA,00000000,00000000,00000000,?,00000004,00000000,00454A57,?,0045A9BA,00000000,00000000,?,00000000,?,00000000), ref: 00454A40
Strings
• Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548E4
• , xrefs: 004548FE
• Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548AB
• RegOpenKeyEx, xrefs: 00454910
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: QueryValue$FormatMessageOpen
• String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
• API String ID: 2812809588-1577016196
• Opcode ID: d2d2157a54bb89dc076ef9e0fa42170e86ba3ac777985cc89856524af98327e3
• Instruction ID: 10c729c5df0f457655d9edc07d187ac9b2ad403c2690153cc8aec617143616fc
• Opcode Fuzzy Hash: d2d2157a54bb89dc076ef9e0fa42170e86ba3ac777985cc89856524af98327e3
• Instruction Fuzzy Hash: D1914871E44148ABDB10DF95C842BDEB7FCEB49309F50406BF900FB282D6789E458B69
APIs
  • Part of subcall function 004591B4: RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004592F1,00000000,004594A9,?,00000000,00000000,00000000), ref: 00459201
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,004594A9,?,00000000,00000000,00000000), ref: 0045934F
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,004594A9,?,00000000,00000000,00000000), ref: 004593B9
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,004594A9,?,00000000,00000000,00000000), ref: 00459420
Strings
• SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 0045936C
• .NET Framework not found, xrefs: 0045946D
• v2.0.50727, xrefs: 004593AB
• .NET Framework version %s not found, xrefs: 00459459
• SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 00459302
• SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 004593D3
• v4.0.30319, xrefs: 00459341
• v1.1.4322, xrefs: 00459412
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Close$Open
• String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
• API String ID: 2976201327-446240816
• Opcode ID: 54e34cd44602b93ede3f7296a9310ab82d879df4d5c444ac47c898e8d614a2f1
• Instruction ID: 97f3333ca529404cdccdc0b2d9ed50ca34310147e07c283222f48f4afab481b6
• Opcode Fuzzy Hash: 54e34cd44602b93ede3f7296a9310ab82d879df4d5c444ac47c898e8d614a2f1
• Instruction Fuzzy Hash: 7551B331A04144DBCB04DFA8D8A17EE77B6DB49305F54447BA841DB392E73D9E0ACB18
APIs
• CloseHandle.KERNEL32(?), ref: 004588CB
• TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 004588E7
• WaitForSingleObject.KERNEL32(?,00002710,?), ref: 004588F5
• GetExitCodeProcess.KERNEL32(?), ref: 00458906
• CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 0045894D
• Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458969
Strings
• Helper process exited with failure code: 0x%x, xrefs: 00458933
• Stopping 64-bit helper process. (PID: %u), xrefs: 004588BD
• Helper process exited., xrefs: 00458915
• Helper isn't responding; killing it., xrefs: 004588D7
• Helper process exited, but failed to get exit code., xrefs: 0045893F
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                                                                            • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                                                                            • API String ID: 3355656108-1243109208
                                                                                                            • Opcode ID: 73dbfa3cdad617e305c3f832d4c000a78a7b9bdfac17e51cf2f5e1c942fa38a0
                                                                                                            • Instruction ID: 059a586d5f9fe809614c5be1e0bb00d3bdcd38e01f6b882276f5f7501e11c42c
                                                                                                            • Opcode Fuzzy Hash: 73dbfa3cdad617e305c3f832d4c000a78a7b9bdfac17e51cf2f5e1c942fa38a0
                                                                                                            • Instruction Fuzzy Hash: 4C2130706087409AD720E67AC485B6B76D4AF08305F00C82FB9DAE7693DE78E848D75B
                                                                                                            APIs
                                                                                                              • Part of subcall function 0042DDE4: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE10
                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,004546FF,?,00000000,004547C3), ref: 0045464F
                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,004546FF,?,00000000,004547C3), ref: 0045478B
                                                                                                              • Part of subcall function 0042E8C8: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453273,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8E7
                                                                                                            Strings
                                                                                                            • RegCreateKeyEx, xrefs: 004545C3
                                                                                                            • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454597
                                                                                                            • , xrefs: 004545B1
                                                                                                            • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 00454567
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseCreateFormatMessageQueryValue
                                                                                                            • String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                                                            • API String ID: 2481121983-1280779767
                                                                                                            • Opcode ID: 64c03f8d0974fb8baae80ac1f56f66a2074ee7a7d7e2c1940a2ac01f19c1dde8
                                                                                                            • Instruction ID: cde7545684c4620c2d036396f19d9a4160a162433608d969df8f63117b7f1412
                                                                                                            • Opcode Fuzzy Hash: 64c03f8d0974fb8baae80ac1f56f66a2074ee7a7d7e2c1940a2ac01f19c1dde8
                                                                                                            • Instruction Fuzzy Hash: AC81FF75A00209ABDB00DFD5C981BDEB7B9EB49309F50452AF900FB282D7789A45CB69
                                                                                                            APIs
                                                                                                              • Part of subcall function 004538BC: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00496991,_iu,?,00000000,004539F6), ref: 004539AB
                                                                                                              • Part of subcall function 004538BC: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00496991,_iu,?,00000000,004539F6), ref: 004539BB
                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0049683D
                                                                                                            • SetFileAttributesA.KERNEL32(00000000,00000080,00000000,00496991), ref: 0049685E
                                                                                                            • CreateWindowExA.USER32(00000000,STATIC,004969A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00496885
                                                                                                            • SetWindowLongA.USER32(?,000000FC,00496018), ref: 00496898
                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496964,?,?,000000FC,00496018,00000000,STATIC,004969A0), ref: 004968C8
                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 0049693C
                                                                                                            • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496964,?,?,000000FC,00496018,00000000), ref: 00496948
                                                                                                              • Part of subcall function 00453D30: WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E17
                                                                                                            • DestroyWindow.USER32(?,0049696B,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496964,?,?,000000FC,00496018,00000000,STATIC), ref: 0049695E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$File$CloseCreateHandle$AttributesCopyDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                                                            • String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                                                            • API String ID: 1549857992-2312673372
                                                                                                            • Opcode ID: 7b9aa83098eabb2dba0b70aa405a2d9f6b8f1b4b66eab831558cfba939a8a2a9
                                                                                                            • Instruction ID: 93ed1b954d13302bbccf96d2c338465d3c98789abcf3618d64464ab15fb4d88f
                                                                                                            • Opcode Fuzzy Hash: 7b9aa83098eabb2dba0b70aa405a2d9f6b8f1b4b66eab831558cfba939a8a2a9
                                                                                                            • Instruction Fuzzy Hash: 71412C70A04608AEDF00EBA5DC42FAE7BB8EB09714F51457AF400F7291D6799A008B69
                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E51D,?,00000000,0047E1C0,00000000), ref: 0042E441
                                                                                                            • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E447
                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E51D,?,00000000,0047E1C0,00000000), ref: 0042E495
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressCloseHandleModuleProc
                                                                                                            • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$QaE$kernel32.dll
                                                                                                            • API String ID: 4190037839-2312295185
                                                                                                            • Opcode ID: cc4cf932d7b220052410dacf18b487448e6dec6834fb41b85ae1fa26c47c2f69
                                                                                                            • Instruction ID: f42d7e7755912f49377b3a3c2778cbb45b18f2cdc7334bb7b0fb93ca3fe573dd
                                                                                                            • Opcode Fuzzy Hash: cc4cf932d7b220052410dacf18b487448e6dec6834fb41b85ae1fa26c47c2f69
                                                                                                            • Instruction Fuzzy Hash: E8213230B10225BBDB10EAE6DC51B9E76B8EB44308F90447BA504E7281E77CDE419B5C
                                                                                                            APIs
                                                                                                            • GetActiveWindow.USER32 ref: 00462870
                                                                                                            • GetModuleHandleA.KERNEL32(user32.dll), ref: 00462884
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00462891
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0046289E
                                                                                                            • GetWindowRect.USER32(?,00000000), ref: 004628EA
                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 00462928
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                                                                            • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                                                                            • API String ID: 2610873146-3407710046
                                                                                                            • Opcode ID: 963cd5e9bec20ae9785dbab648af90e3917fdde5ac028f1e20745c9c218af8a1
                                                                                                            • Instruction ID: fe1f68fcdb92d8fdb5b24afc8a588ee1dd3fc27577eab862170fec9bd430383f
                                                                                                            • Opcode Fuzzy Hash: 963cd5e9bec20ae9785dbab648af90e3917fdde5ac028f1e20745c9c218af8a1
                                                                                                            • Instruction Fuzzy Hash: 4621C5B5301B056BD301EA648D41F3B3699EBC4714F05052AF944DB3C6E6B8EC048B9A
                                                                                                            APIs
                                                                                                            • GetActiveWindow.USER32 ref: 0042F194
                                                                                                            • GetModuleHandleA.KERNEL32(user32.dll), ref: 0042F1A8
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042F1B5
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042F1C2
                                                                                                            • GetWindowRect.USER32(?,00000000), ref: 0042F20E
                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 0042F24C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                                                                            • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                                                                            • API String ID: 2610873146-3407710046
                                                                                                            • Opcode ID: fe4f6826bb7301b99e83fbe15c42cc49c8205db95b757379d9683ee99bf223cf
                                                                                                            • Instruction ID: 50a2e38ba83faf67dd7c56e8d7733487d454ef14a416094e89dadcccf0bf0910
                                                                                                            • Opcode Fuzzy Hash: fe4f6826bb7301b99e83fbe15c42cc49c8205db95b757379d9683ee99bf223cf
                                                                                                            • Instruction Fuzzy Hash: 3821F279704710ABD300EA68ED41F3B37A9DB89714F88457AF944DB382DA79EC044BA9
                                                                                                            APIs
                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00458C4B,?,00000000,00458CAE,?,?,02183858,00000000), ref: 00458AC9
                                                                                                            • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02183858,?,00000000,00458BE0,?,00000000,00000001,00000000,00000000,00000000,00458C4B), ref: 00458B26
                                                                                                            • GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02183858,?,00000000,00458BE0,?,00000000,00000001,00000000,00000000,00000000,00458C4B), ref: 00458B33
                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00458B7F
                                                                                                            • GetOverlappedResult.KERNEL32(?,?,00000000,00000001,00458BB9,?,-00000020,0000000C,-00004034,00000014,02183858,?,00000000,00458BE0,?,00000000), ref: 00458BA5
                                                                                                            • GetLastError.KERNEL32(?,?,00000000,00000001,00458BB9,?,-00000020,0000000C,-00004034,00000014,02183858,?,00000000,00458BE0,?,00000000), ref: 00458BAC
                                                                                                              • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15,00000000), ref: 0045349F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                                                                                            • String ID: CreateEvent$TransactNamedPipe
                                                                                                            • API String ID: 2182916169-3012584893
                                                                                                            • Opcode ID: 971ff5326f64256da56b2a3a5e971e3af97d4d6353f8bcf162cac826e6801041
                                                                                                            • Instruction ID: 4e8b515c978fc0f7227371b00e454fc29eb41545a574c41675fd698137751177
                                                                                                            • Opcode Fuzzy Hash: 971ff5326f64256da56b2a3a5e971e3af97d4d6353f8bcf162cac826e6801041
                                                                                                            • Instruction Fuzzy Hash: D74185B1A00608AFDB15DF95CD41F9EB7F8FB48715F10406AF900F7292CA78AE44CA68
                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00456CD1,?,?,00000031,?), ref: 00456B94
                                                                                                            • GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 00456B9A
                                                                                                            • LoadTypeLib.OLEAUT32(00000000,?), ref: 00456BE7
                                                                                                              • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15,00000000), ref: 0045349F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressErrorHandleLastLoadModuleProcType
                                                                                                            • String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
                                                                                                            • API String ID: 1914119943-2711329623
                                                                                                            • Opcode ID: ee3ea3d82efd4fb2b54eebd443786074e6cae9edf60e5ac548ea64bc7aca37c1
                                                                                                            • Instruction ID: 513f35abe53900720ade907ad6bd055a7f67a8f7377afb521354ad4100752fe6
                                                                                                            • Opcode Fuzzy Hash: ee3ea3d82efd4fb2b54eebd443786074e6cae9edf60e5ac548ea64bc7aca37c1
                                                                                                            • Instruction Fuzzy Hash: 54319671700604AFDB02EFAACD51D5BB7BDEB8974575284A6BC04D3752DA38DD04C728
                                                                                                            APIs
                                                                                                            • RectVisible.GDI32(?,?), ref: 00416E13
                                                                                                            • SaveDC.GDI32(?), ref: 00416E27
                                                                                                            • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00416E4A
                                                                                                            • RestoreDC.GDI32(?,?), ref: 00416E65
                                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 00416EE5
                                                                                                            • FrameRect.USER32(?,?,?), ref: 00416F18
                                                                                                            • DeleteObject.GDI32(?), ref: 00416F22
                                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 00416F32
                                                                                                            • FrameRect.USER32(?,?,?), ref: 00416F65
                                                                                                            • DeleteObject.GDI32(?), ref: 00416F6F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 375863564-0
                                                                                                            • Opcode ID: 35a16e57ef2060bc5b86dfaf9fb4dd0844c8f61540c1a86612a76d2e62787fd3
                                                                                                            • Instruction ID: c082a38e55a2621cff38c0036c5e412d4739722926df34ebe37a7eff5f7859fc
                                                                                                            • Opcode Fuzzy Hash: 35a16e57ef2060bc5b86dfaf9fb4dd0844c8f61540c1a86612a76d2e62787fd3
                                                                                                            • Instruction Fuzzy Hash: 70515A712086459FDB50EF69C8C4B9B77E8AF48314F15466AFD488B286C738EC81CB99
                                                                                                            APIs
                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
                                                                                                            • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
                                                                                                            • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
                                                                                                            • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
                                                                                                            • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
                                                                                                            • GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
                                                                                                            • GetFileType.KERNEL32(?,000000F5), ref: 00404C11
                                                                                                            • CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
                                                                                                            • GetLastError.KERNEL32(000000F5), ref: 00404C46
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                            • String ID:
                                                                                                            • API String ID: 1694776339-0
                                                                                                            • Opcode ID: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                                                                            • Instruction ID: 0555156f4d2a620bb114dc01d937536d57074fdea11cd86abdfeb4dd56d828b4
                                                                                                            • Opcode Fuzzy Hash: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                                                                            • Instruction Fuzzy Hash: 3741B3F02093009AF7305E248905B2375E5EBC0755F208E3FE296BA6E0D7BDE8458B1D
                                                                                                            APIs
                                                                                                            • GetSystemMenu.USER32(00000000,00000000), ref: 00422233
                                                                                                            • DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 00422251
                                                                                                            • DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042225E
                                                                                                            • DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 0042226B
                                                                                                            • DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422278
                                                                                                            • DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 00422285
                                                                                                            • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 00422292
                                                                                                            • DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 0042229F
                                                                                                            • EnableMenuItem.USER32(00000000,0000F020,00000001), ref: 004222BD
                                                                                                            • EnableMenuItem.USER32(00000000,0000F030,00000001), ref: 004222D9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Menu$Delete$EnableItem$System
                                                                                                            • String ID:
                                                                                                            • API String ID: 3985193851-0
                                                                                                            • Opcode ID: d8fcfd45993f68361b05288e300d90e061abaf0c01acb012dac33f8cfd749464
                                                                                                            • Instruction ID: 662ae76830c3dbb110fd6952920e185112f137d20e740dc0dcce1beff7d7cd05
                                                                                                            • Opcode Fuzzy Hash: d8fcfd45993f68361b05288e300d90e061abaf0c01acb012dac33f8cfd749464
                                                                                                            • Instruction Fuzzy Hash: AF2144703407047AE720E724CD8BF9BBBD89B04708F5451A5BA487F6D3C6F9AB804698
                                                                                                            APIs
                                                                                                            • FreeLibrary.KERNEL32(10000000), ref: 004814F5
                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00481509
                                                                                                            • SendNotifyMessageA.USER32(0001042C,00000496,00002710,00000000), ref: 0048157B
                                                                                                            Strings
                                                                                                            • Restarting Windows., xrefs: 00481556
                                                                                                            • GetCustomSetupExitCode, xrefs: 00481395
                                                                                                            • Deinitializing Setup., xrefs: 00481356
                                                                                                            • DeinitializeSetup, xrefs: 004813F1
                                                                                                            • Not restarting Windows because Setup is being run from the debugger., xrefs: 0048152A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeLibrary$MessageNotifySend
                                                                                                            • String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
                                                                                                            • API String ID: 3817813901-1884538726
                                                                                                            • Opcode ID: 7fd84dd053b4401f5bdf0ca771466cc8f90a001c2e291a6a881faa6dba982769
                                                                                                            • Instruction ID: a147a64e5fa7f59d2c1c0707bc10c89f769f7b05bbdcd0d826f9af474dd6dcab
                                                                                                            • Opcode Fuzzy Hash: 7fd84dd053b4401f5bdf0ca771466cc8f90a001c2e291a6a881faa6dba982769
                                                                                                            • Instruction Fuzzy Hash: 55519F30700240AFD311EB69E8D5B6E7BA8EB59714F50887BE805C73B1DB38AC46CB59
                                                                                                            APIs
                                                                                                            • SHGetMalloc.SHELL32(?), ref: 0046153B
                                                                                                            • GetActiveWindow.USER32 ref: 0046159F
                                                                                                            • CoInitialize.OLE32(00000000), ref: 004615B3
                                                                                                            • SHBrowseForFolder.SHELL32(?), ref: 004615CA
                                                                                                            • CoUninitialize.OLE32(0046160B,00000000,?,?,?,?,?,00000000,0046168F), ref: 004615DF
                                                                                                            • SetActiveWindow.USER32(?,0046160B,00000000,?,?,?,?,?,00000000,0046168F), ref: 004615F5
                                                                                                            • SetActiveWindow.USER32(?,?,0046160B,00000000,?,?,?,?,?,00000000,0046168F), ref: 004615FE
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ActiveWindow$BrowseFolderInitializeMallocUninitialize
                                                                                                            • String ID: A
                                                                                                            • API String ID: 2684663990-3554254475
                                                                                                            • Opcode ID: 703f1963e0dc72a1c395d9026068ceb343fdf60ef3171849bb259b064323ba87
                                                                                                            • Instruction ID: 8a944d3e7b26c7d839f1ecf9cf32de2b38f87d5f920ef02beae42f78277bfb86
                                                                                                            • Opcode Fuzzy Hash: 703f1963e0dc72a1c395d9026068ceb343fdf60ef3171849bb259b064323ba87
                                                                                                            • Instruction Fuzzy Hash: 62312D70E00358AFDB00EFA6D885A9EBBF8EB09304F55847AF405E7251E7789A048B59
                                                                                                            APIs
                                                                                                            • GetFileAttributesA.KERNEL32(00000000,00000000,0047292D,?,?,?,00000008,00000000,00000000,00000000,?,00472B89,?,?,00000000,00472DF8), ref: 00472890
                                                                                                              • Part of subcall function 0042CD94: GetPrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0042CE0A
                                                                                                              • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,00498261,00000000,004982B6,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                                                                            • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,0047292D,?,?,?,00000008,00000000,00000000,00000000,?,00472B89), ref: 00472907
                                                                                                            • RemoveDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,0047292D,?,?,?,00000008,00000000,00000000,00000000), ref: 0047290D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$Attributes$DeleteDirectoryPrivateProfileRemoveString
                                                                                                            • String ID: .ShellClassInfo$CLSID2$desktop.ini$target.lnk${0AFACED1-E828-11D1-9187-B532F1E9575D}
                                                                                                            • API String ID: 884541143-1710247218
                                                                                                            • Opcode ID: 8c120786a4ea8c92214831f90170699f67ddada7000dc7cca521b0e92e4fa8e9
                                                                                                            • Instruction ID: c9f0bcdda41dfe4bc4fb8c2ad9af4abf79d42ba832169be77a83c6f088ccd444
                                                                                                            • Opcode Fuzzy Hash: 8c120786a4ea8c92214831f90170699f67ddada7000dc7cca521b0e92e4fa8e9
                                                                                                            • Instruction Fuzzy Hash: A711D0F07005147BD701F66A8D82BAFB2ACDB49714F65807BB604B72C1DB7CAE01865C
                                                                                                            APIs
                                                                                                            • GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045D10D
                                                                                                            • GetProcAddress.KERNEL32(00000000,inflate), ref: 0045D11D
                                                                                                            • GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045D12D
                                                                                                            • GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045D13D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc
                                                                                                            • String ID: inflate$inflateEnd$inflateInit_$inflateReset
                                                                                                            • API String ID: 190572456-3516654456
                                                                                                            • Opcode ID: 642f53b55b6c69fa488a6078c858724ccece433db3f4d1a063b28ca439a42b30
                                                                                                            • Instruction ID: 41a921eeb660c13fccdf509460c8c4a7353affed60c98b376863fdd8d28133a2
                                                                                                            • Opcode Fuzzy Hash: 642f53b55b6c69fa488a6078c858724ccece433db3f4d1a063b28ca439a42b30
                                                                                                            • Instruction Fuzzy Hash: 1A01FFB0D00B00DAE724EFB69D9572736A5AB64306F14C03B9C09962A6D7790858DF6C
                                                                                                            APIs
                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 0041A9B9
                                                                                                            • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0041A9F3
                                                                                                            • SetBkColor.GDI32(?,?), ref: 0041AA08
                                                                                                            • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041AA52
                                                                                                            • SetTextColor.GDI32(00000000,00000000), ref: 0041AA5D
                                                                                                            • SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AA6D
                                                                                                            • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AAAC
                                                                                                            • SetTextColor.GDI32(00000000,00000000), ref: 0041AAB6
                                                                                                            • SetBkColor.GDI32(00000000,?), ref: 0041AAC3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Color$StretchText
                                                                                                            • String ID:
                                                                                                            • API String ID: 2984075790-0
                                                                                                            • Opcode ID: d922b450a47b78d2b04aec2ac0d2e0f837e00e48c8544b253d9025e975fd03f1
                                                                                                            • Instruction ID: 4467ea82dd13d464879b0bd0dd0607b47ee3045dce17e21d2c6451b7f26a8ea4
                                                                                                            • Opcode Fuzzy Hash: d922b450a47b78d2b04aec2ac0d2e0f837e00e48c8544b253d9025e975fd03f1
                                                                                                            • Instruction Fuzzy Hash: 8761E5B5A00505AFCB40EFADD985E9AB7F8EF08314B10816AF908DB262C775ED40CF58
                                                                                                            APIs
                                                                                                              • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                            • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,004580C8,?, /s ",?,regsvr32.exe",?,004580C8), ref: 0045803A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseDirectoryHandleSystem
                                                                                                            • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                                                                            • API String ID: 2051275411-1862435767
                                                                                                            • Opcode ID: d723b4d4e63128474f1a7954f42046bb5ea4c3ccf1ebb930fe5345dfcc04232a
                                                                                                            • Instruction ID: e9c79437d4df6862de8c7cd7f55e60b8630b5ed7fadd4497393df937d865c406
                                                                                                            • Opcode Fuzzy Hash: d723b4d4e63128474f1a7954f42046bb5ea4c3ccf1ebb930fe5345dfcc04232a
                                                                                                            • Instruction Fuzzy Hash: AA410670A043086BDB11EFD6D842B8EB7B9AF45705F51407FA904BB292DF789A0D8B19
                                                                                                            APIs
                                                                                                            • OffsetRect.USER32(?,00000001,00000001), ref: 0044D1A9
                                                                                                            • GetSysColor.USER32(00000014), ref: 0044D1B0
                                                                                                            • SetTextColor.GDI32(00000000,00000000), ref: 0044D1C8
                                                                                                            • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D1F1
                                                                                                            • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044D1FB
                                                                                                            • GetSysColor.USER32(00000010), ref: 0044D202
                                                                                                            • SetTextColor.GDI32(00000000,00000000), ref: 0044D21A
                                                                                                            • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D243
                                                                                                            • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D26E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Text$Color$Draw$OffsetRect
                                                                                                            • String ID:
                                                                                                            • API String ID: 1005981011-0
                                                                                                            • Opcode ID: 4054566e8ba3b89cdd91132f39c510e9855df1fb138f21794d8e69447c138b72
                                                                                                            • Instruction ID: 8406a00effd73db105afccad7da3796984cf264811f0ddac3e5cace4e0ac1d2b
                                                                                                            • Opcode Fuzzy Hash: 4054566e8ba3b89cdd91132f39c510e9855df1fb138f21794d8e69447c138b72
                                                                                                            • Instruction Fuzzy Hash: A021BDB42015047FC710FB2ACD8AE8B6BDCDF19319B05457AB958EB292C67CDD404668
                                                                                                            APIs
                                                                                                              • Part of subcall function 004776B4: GetWindowThreadProcessId.USER32(00000000), ref: 004776BC
                                                                                                              • Part of subcall function 004776B4: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,004777B3,0049C0A4,00000000), ref: 004776CF
                                                                                                              • Part of subcall function 004776B4: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004776D5
                                                                                                            • SendMessageA.USER32(00000000,0000004A,00000000,F{G), ref: 004777C1
                                                                                                            • GetTickCount.KERNEL32 ref: 00477806
                                                                                                            • GetTickCount.KERNEL32 ref: 00477810
                                                                                                            • MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,0000000A,000000FF), ref: 00477865
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CountTick$AddressHandleMessageModuleMultipleObjectsProcProcessSendThreadWaitWindow
                                                                                                            • String ID: CallSpawnServer: Unexpected response: $%x$CallSpawnServer: Unexpected status: %d$F{G
                                                                                                            • API String ID: 613034392-3657229555
                                                                                                            • Opcode ID: 6d97cf5564b98f17fd9f3b8579433905f0e6c95bef7ad8bee9a9e7eacc473beb
                                                                                                            • Instruction ID: 2d480610a6b59e2baa88e371a3ce18c9cee9fe0f547c40ec3b8b85eb822a561a
                                                                                                            • Opcode Fuzzy Hash: 6d97cf5564b98f17fd9f3b8579433905f0e6c95bef7ad8bee9a9e7eacc473beb
                                                                                                            • Instruction Fuzzy Hash: CB31A234F042159ADB10EBB9C8867EE76A1AB44314F90847BF548EB392D67C9D01CBAD
                                                                                                            APIs
                                                                                                              • Part of subcall function 0045092C: SetEndOfFile.KERNEL32(?,?,0045C192,00000000,0045C31D,?,00000000,00000002,00000002), ref: 00450933
                                                                                                              • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,00498261,00000000,004982B6,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
                                                                                                            • GetWindowThreadProcessId.USER32(00000000,?), ref: 004960F5
                                                                                                            • OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 00496109
                                                                                                            • SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 00496123
                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 0049612F
                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00496135
                                                                                                            • Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 00496148
                                                                                                            Strings
                                                                                                            • Deleting Uninstall data files., xrefs: 0049606B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
                                                                                                            • String ID: Deleting Uninstall data files.
                                                                                                            • API String ID: 1570157960-2568741658
                                                                                                            • Opcode ID: 1c14f06cf20906d6098757f7c161041ddb556eb254dcbfb897c76230ada43d7f
                                                                                                            • Instruction ID: a2b0394162f9d438edd1a59a6b8f88e08a82a6f464fdedc4f7b2e31c99877ff7
                                                                                                            • Opcode Fuzzy Hash: 1c14f06cf20906d6098757f7c161041ddb556eb254dcbfb897c76230ada43d7f
                                                                                                            • Instruction Fuzzy Hash: 5F218570304250AFEB10EB7AFCC6B163798EB54728F52453BB505962D3D67CAC04CA6C
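The function entries in this section follow one fixed shape (an "APIs" list of `Api.MODULE(args), ref: addr` lines, optionally marked as "Part of subcall function", a "Strings" list with xrefs, and a "Similarity" key/value block). The Python below is an added example, not part of the Joe Sandbox report: it parses that shape from the report's text dump and derives per-function triage facts such as the names a function resolves through GetProcAddress and which entries delete files, write the registry or spawn processes. The sample input is constructed from two of the entries above (the desktop.ini/RemoveDirectoryA entry and the inflate*/GetProcAddress entry); the tag rules are an assumption for illustration, not the sandbox's own signatures. Argument lists are the sandbox's best-effort stack reading and can be stale, so `dynamic_imports` skips obvious non-names.

```python
"""Parse the 'APIs / Strings / Similarity' function entries emitted by the Joe
Sandbox IDA plugin (the format of this report) and derive per-function triage facts."""
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

# "• Api.MODULE(args), ref: ADDR", "• Api.MODULE ref: ADDR", or the same prefixed by
# "• Part of subcall function ADDR: " when the call happens inside a callee.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$")
KV_RE = re.compile(r"^•\s*(?P<key>[\w ]+?):\s*(?P<val>.*)$")   # "• String ID: ..."
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]                   # sandbox's best-effort stack reading; "?" = unknown
    ref: str                          # call-site address
    subcall_of: Optional[str] = None  # callee address when the call is not direct

@dataclass
class FunctionEntry:
    calls: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)
    similarity: Dict[str, str] = field(default_factory=dict)

def parse_entries(text: str) -> List[FunctionEntry]:
    """Split the dump into entries; each entry starts at an 'APIs' header."""
    entries: List[FunctionEntry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            entries.append(FunctionEntry())
            section = line
        elif line in SECTION_HEADERS:
            section = line
        elif line and entries:
            cur = entries[-1]
            if section == "APIs" and (m := API_RE.match(line)):
                args = m["args"].split(",") if m["args"] else []
                cur.calls.append(ApiCall(m["api"], m["mod"], args, m["ref"].upper(), m["subfn"]))
            elif section == "Strings":   # "<literal>, xrefs: <addr>": keep the literal only
                cur.strings.append(re.sub(r", xrefs: [0-9A-Fa-f]{8}$", "", line.lstrip("• ")))
            elif section == "Similarity" and (m := KV_RE.match(line)):
                cur.similarity[m["key"]] = m["val"]
    return entries

def dynamic_imports(entry: FunctionEntry) -> List[str]:
    """Names resolved at run time: the 2nd argument of each GetProcAddress call."""
    return [c.args[1] for c in entry.calls
            if c.api == "GetProcAddress" and len(c.args) > 1 and c.args[1] not in ("00000000", "?")]

# Assumed tag rules for illustration; not the sandbox's own signatures.
TRIAGE_RULES: Dict[str, Callable[[ApiCall], bool]] = {
    "dynamic-import": lambda c: c.api == "GetProcAddress",
    "registry-write": lambda c: c.api.startswith(("RegSetValue", "RegCreateKey")),
    "process-spawn": lambda c: c.api.startswith(("CreateProcess", "ShellExecute")),
    "file-delete": lambda c: c.api.startswith(("DeleteFile", "RemoveDirectory")),
}

def triage_tags(entry: FunctionEntry, include_subcalls: bool = False) -> Set[str]:
    """Tags from the function's direct calls (optionally its callees' too) and its String ID."""
    tags: Set[str] = set()
    for call in entry.calls:
        if include_subcalls or not call.subcall_of:
            tags.update(tag for tag, pred in TRIAGE_RULES.items() if pred(call))
    if "regsvr32" in entry.similarity.get("String ID", "").lower():
        tags.add("regsvr32")   # e.g. the report's "Spawning 32-bit RegSvr32" helper
    return tags

# Constructed sample: two entries copied from this report, trimmed to the lines parsed above.
SAMPLE = """\
APIs
• GetFileAttributesA.KERNEL32(00000000,00000000,0047292D,?,?,?,00000008,00000000,00000000,00000000,?,00472B89,?,?,00000000,00472DF8), ref: 00472890
  • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,00498261,00000000,004982B6,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
• RemoveDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,0047292D,?,?,?,00000008,00000000,00000000,00000000), ref: 0047290D
Strings
Similarity
• API ID: File$Attributes$DeleteDirectoryPrivateProfileRemoveString
• String ID: .ShellClassInfo$CLSID2$desktop.ini$target.lnk${0AFACED1-E828-11D1-9187-B532F1E9575D}
• Opcode ID: 8c120786a4ea8c92214831f90170699f67ddada7000dc7cca521b0e92e4fa8e9
APIs
• GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045D10D
• GetProcAddress.KERNEL32(00000000,inflate), ref: 0045D11D
• GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045D12D
• GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045D13D
Strings
Similarity
• API ID: AddressProc
• String ID: inflate$inflateEnd$inflateInit_$inflateReset
"""

if __name__ == "__main__":
    for n, e in enumerate(parse_entries(SAMPLE)):
        print(n, e.similarity.get("API ID"), sorted(triage_tags(e, True)), dynamic_imports(e))
```

Run over the whole report text, `triage_tags(entry, include_subcalls=True)` surfaces the functions worth opening first (those that reach DeleteFileA/RemoveDirectoryA, RegSetValueExA or CreateProcess through a helper), while `dynamic_imports` lists the run-time-resolved names, here the zlib inflate family the installer stub pulls in by name rather than through its import table.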
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
• RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0047016D,?,?,?,?,00000000), ref: 004700D7
• RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,0047016D), ref: 004700EE
• AddFontResourceA.GDI32(00000000), ref: 0047010B
• SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 0047011F
Strings
• Failed to open Fonts registry key., xrefs: 004700F5
• Failed to set value in Fonts registry key., xrefs: 004700E0
• AddFontResource, xrefs: 00470129
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CloseFontMessageNotifyOpenResourceSendValue
• String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
• API String ID: 955540645-649663873
• Opcode ID: fb5005e48ab5c7daaaac94a0dc4afa742b509cb9d69f51cda3f3c10b282e3f45
• Instruction ID: 4679b390ee7f38cc50779b5755f8f256d37ac4db7264feb969586a41c0613652
• Opcode Fuzzy Hash: fb5005e48ab5c7daaaac94a0dc4afa742b509cb9d69f51cda3f3c10b282e3f45
• Instruction Fuzzy Hash: 1E21F470741204BBD710EA669C42FAE779DDB45704F908077B904EB3C2DA7DEE01962D
APIs
  • Part of subcall function 00416410: GetClassInfoA.USER32(00400000,?,?), ref: 0041647F
  • Part of subcall function 00416410: UnregisterClassA.USER32(?,00400000), ref: 004164AB
  • Part of subcall function 00416410: RegisterClassA.USER32(?), ref: 004164CE
• GetVersion.KERNEL32 ref: 00462CD4
• SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 00462D12
• SHGetFileInfo.SHELL32(00462DB0,00000000,?,00000160,00004011), ref: 00462D2F
• LoadCursorA.USER32(00000000,00007F02), ref: 00462D4D
• SetCursor.USER32(00000000,00000000,00007F02,00462DB0,00000000,?,00000160,00004011), ref: 00462D53
• SetCursor.USER32(?,00462D93,00007F02,00462DB0,00000000,?,00000160,00004011), ref: 00462D86
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
• String ID: Explorer
• API String ID: 2594429197-512347832
• Opcode ID: b2508eec98d805366e2f4507ea44d46b961a44d372cb9f0a28019716940d75e3
• Instruction ID: 9dbbc9fa048eb90f76178aab56daef4cc46522196ca1757d39461a436d1c0ce4
• Opcode Fuzzy Hash: b2508eec98d805366e2f4507ea44d46b961a44d372cb9f0a28019716940d75e3
• Instruction Fuzzy Hash: A521D2707403047AE711BB758D47B9A36989B09708F5004BFF608EA2C3EEBC9801866E
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02182BE0,?,?,?,02182BE0,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477EA9
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00477EAF
• GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02182BE0,?,?,?,02182BE0,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477EC2
• CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02182BE0,?,?,?,02182BE0), ref: 00477EEC
• CloseHandle.KERNEL32(00000000,?,?,?,02182BE0,00478054,00000000,00478172,?,?,-00000010,?), ref: 00477F0A
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: FileHandle$AddressAttributesCloseCreateModuleProc
• String ID: GetFinalPathNameByHandleA$kernel32.dll
• API String ID: 2704155762-2318956294
• Opcode ID: 4ac9b8a734794afedd7c4e5dff1684406e57be29ff440d920efac7cf7b76c0e4
• Instruction ID: 07fb0e6c3cbff21d125a0516fcac6af2f028e938fd8349bed9720d5bfc433141
• Opcode Fuzzy Hash: 4ac9b8a734794afedd7c4e5dff1684406e57be29ff440d920efac7cf7b76c0e4
• Instruction Fuzzy Hash: 2101B55074870536E520316A5E86FBF648C8B5477DF548137FB1CEE2D2E9AC9D06026E
APIs
• GetLastError.KERNEL32(00000000,00459DDE,?,00000000,00000000,00000000,?,00000006,?,00000000,004973CD,?,00000000,00497470), ref: 00459D22
  • Part of subcall function 004543F4: FindClose.KERNEL32(000000FF,004544EA), ref: 004544D9
Strings
• Deleting directory: %s, xrefs: 00459CAB
• Failed to strip read-only attribute., xrefs: 00459CF0
• Stripped read-only attribute., xrefs: 00459CE4
• Failed to delete directory (%d). Will retry later., xrefs: 00459D3B
• Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 00459CFC
• Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00459D97
• Failed to delete directory (%d)., xrefs: 00459DB8
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CloseErrorFindLast
• String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
• API String ID: 754982922-1448842058
• Opcode ID: 8aabd4c25723369bf9534759df9b588e5f8490088031ca791ae669e8a2666fca
• Instruction ID: 5a692d040748e25b342bfc59b5c440c53b4552d2faa6a9747d6521fe41ba2a01
• Opcode Fuzzy Hash: 8aabd4c25723369bf9534759df9b588e5f8490088031ca791ae669e8a2666fca
• Instruction Fuzzy Hash: 69419330A04248DACB10DB6A98417AE76B59F8530AF54857BAC05E7383DB7C8D0DC75D
APIs
• GetCapture.USER32 ref: 00422EA4
• GetCapture.USER32 ref: 00422EB3
• SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00422EB9
• ReleaseCapture.USER32 ref: 00422EBE
• GetActiveWindow.USER32 ref: 00422ECD
• SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 00422F4C
• SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 00422FB0
• GetActiveWindow.USER32 ref: 00422FBF
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CaptureMessageSend$ActiveWindow$Release
• String ID:
• API String ID: 862346643-0
• Opcode ID: 3da4ec300de865232a3f60c9f80223c2bbe2427c246ff190c68097af5e341dae
• Instruction ID: c6261992695b47722d84ffa44129b55dc5b2a4dad2f70b0012283783c1c7b094
• Opcode Fuzzy Hash: 3da4ec300de865232a3f60c9f80223c2bbe2427c246ff190c68097af5e341dae
• Instruction Fuzzy Hash: 24417230B00245AFDB10EB69DA86B9E77F1EF44304F5540BAF404AB2A2D778AE40DB49
APIs
• GetWindowLongA.USER32(?,000000F0), ref: 0042F2BA
• GetWindowLongA.USER32(?,000000EC), ref: 0042F2D1
• GetActiveWindow.USER32 ref: 0042F2DA
• MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 0042F307
• SetActiveWindow.USER32(?,0042F437,00000000,?), ref: 0042F328
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Window$ActiveLong$Message
• String ID:
• API String ID: 2785966331-0
• Opcode ID: ca0cfe640851e4463c520fee9942c9233ac98ecb3d765a436798e71af7845e74
• Instruction ID: ac844ef734d24c76dc9aa96f201b13a865b129e9c1b137beabd8cb6517960092
• Opcode Fuzzy Hash: ca0cfe640851e4463c520fee9942c9233ac98ecb3d765a436798e71af7845e74
• Instruction Fuzzy Hash: F931D271A00254AFEB01EFA5DD52E6EBBB8EB09304F9144BAF804E3291D73C9D10CB58
APIs
• GetDC.USER32(00000000), ref: 0042948A
• GetTextMetricsA.GDI32(00000000), ref: 00429493
  • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
• SelectObject.GDI32(00000000,00000000), ref: 004294A2
• GetTextMetricsA.GDI32(00000000,?), ref: 004294AF
• SelectObject.GDI32(00000000,00000000), ref: 004294B6
• ReleaseDC.USER32(00000000,00000000), ref: 004294BE
• GetSystemMetrics.USER32(00000006), ref: 004294E3
• GetSystemMetrics.USER32(00000006), ref: 004294FD
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Metrics$ObjectSelectSystemText$CreateFontIndirectRelease
• String ID:
• API String ID: 1583807278-0
• Opcode ID: 62880ac9d08e5d684fd074e0f3ca61438eede96ade4d4e291019075c7fd144c0
• Instruction ID: 8a5b62ad3b2811282b00f4aa11bc4c2c065e9b9ae855548013837f5c18493421
• Opcode Fuzzy Hash: 62880ac9d08e5d684fd074e0f3ca61438eede96ade4d4e291019075c7fd144c0
• Instruction Fuzzy Hash: 0F01C4A17087103BE321767A9CC6F6F65C8DB44358F84043BF686D63D3D96C9C41866A
                                                                                                            APIs
                                                                                                            • GetDC.USER32(00000000), ref: 0041DE27
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0041DE31
                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 0041DE3E
                                                                                                            • MulDiv.KERNEL32(00000008,00000060,00000048), ref: 0041DE4D
                                                                                                            • GetStockObject.GDI32(00000007), ref: 0041DE5B
                                                                                                            • GetStockObject.GDI32(00000005), ref: 0041DE67
                                                                                                            • GetStockObject.GDI32(0000000D), ref: 0041DE73
                                                                                                            • LoadIconA.USER32(00000000,00007F00), ref: 0041DE84
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ObjectStock$CapsDeviceIconLoadRelease
                                                                                                            • String ID:
                                                                                                            • API String ID: 225703358-0
                                                                                                            • Opcode ID: 93123cf7b7da28845296a778695a34f9ae7968dfa7e72d2685fd09fde09bf652
                                                                                                            • Instruction ID: 282f56568f1177e4dad385ec7f61a974d29090d827cf1f87eb40c920fa9ca7e8
                                                                                                            • Opcode Fuzzy Hash: 93123cf7b7da28845296a778695a34f9ae7968dfa7e72d2685fd09fde09bf652
                                                                                                            • Instruction Fuzzy Hash: 4C1142706457015EE340BFA66E52B6A36A4D725708F40413FF609AF3D1D77A2C448B9E
                                                                                                            APIs
                                                                                                            • LoadCursorA.USER32(00000000,00007F02), ref: 004631B8
                                                                                                            • SetCursor.USER32(00000000,00000000,00007F02,00000000,0046324D), ref: 004631BE
                                                                                                            • SetCursor.USER32(?,00463235,00007F02,00000000,0046324D), ref: 00463228
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Cursor$Load
                                                                                                            • String ID: $ $Internal error: Item already expanding
                                                                                                            • API String ID: 1675784387-1948079669
                                                                                                            • Opcode ID: 9a907484170bb085a46c4a598b93bfbbd2bc194262705c34c2f461fc244cfbd4
                                                                                                            • Instruction ID: 06b17efc2869e1117ca0a97e11558f018c2dd138a4dd01a316207194f11c04f7
                                                                                                            • Opcode Fuzzy Hash: 9a907484170bb085a46c4a598b93bfbbd2bc194262705c34c2f461fc244cfbd4
                                                                                                            • Instruction Fuzzy Hash: 74B1B430A00284DFD711DF69C585B9EBBF0BF04305F1484AAE8459B792DB78EE45CB16
                                                                                                            APIs
                                                                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453E17
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: PrivateProfileStringWrite
                                                                                                            • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                                                            • API String ID: 390214022-3304407042
                                                                                                            • Opcode ID: 4acafb8f8444067680350d3d4e03481623aa06ca7574397e5033f2f4cf45a0b5
                                                                                                            • Instruction ID: 4c4b1d7f09994941c57eaafc4db68242d6a3f6c21ecd3f2b5b8f846a746055a2
                                                                                                            • Opcode Fuzzy Hash: 4acafb8f8444067680350d3d4e03481623aa06ca7574397e5033f2f4cf45a0b5
                                                                                                            • Instruction Fuzzy Hash: 40911434E002099BDB01EFA5D842BDEB7F5AF4874AF608466E90077392D7786E49CB58
                                                                                                            APIs
                                                                                                            • GetClassInfoW.USER32(00000000,COMBOBOX,?), ref: 004767C9
                                                                                                            • SetWindowLongW.USER32(00000000,000000FC,00476724), ref: 004767F0
                                                                                                            • GetACP.KERNEL32(00000000,00476A08,?,00000000,00476A32), ref: 0047682D
                                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00476873
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClassInfoLongMessageSendWindow
                                                                                                            • String ID: COMBOBOX$Inno Setup: Language
                                                                                                            • API String ID: 3391662889-4234151509
                                                                                                            • Opcode ID: 7b097581a500be05759954e33284123b2b89370f46c26a428eff7c4db0c5a69c
                                                                                                            • Instruction ID: bb27e68bfa0a4e6e36c1c9b1f46c00cfa2f47713d75b81585866a7fa3ef15c14
                                                                                                            • Opcode Fuzzy Hash: 7b097581a500be05759954e33284123b2b89370f46c26a428eff7c4db0c5a69c
                                                                                                            • Instruction Fuzzy Hash: C0813F746006059FC710EF69D885AEAB7F2FB09304F16C1BAE848E7362D738AD45CB59
                                                                                                            APIs
                                                                                                            • GetSystemDefaultLCID.KERNEL32(00000000,00408968,?,?,?,?,00000000,00000000,00000000,?,0040996F,00000000,00409982), ref: 0040873A
                                                                                                              • Part of subcall function 00408568: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408633,?,00000000,00408712), ref: 00408586
                                                                                                              • Part of subcall function 004085B4: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004087B6,?,?,?,00000000,00408968), ref: 004085C7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoLocale$DefaultSystem
                                                                                                            • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                                                            • API String ID: 1044490935-665933166
                                                                                                            • Opcode ID: 99a58aab46255149f4b24f4520dbd6929c7443738739b227c4cc8c7d24f61a81
                                                                                                            • Instruction ID: 5c6fde8006682913ecab3173e7335377554a92ac61a87523d81808753b4ec1a9
                                                                                                            • Opcode Fuzzy Hash: 99a58aab46255149f4b24f4520dbd6929c7443738739b227c4cc8c7d24f61a81
                                                                                                            • Instruction Fuzzy Hash: 7D516C24B00108ABDB01FBA69E4169EB7A9DB94308F50C07FA181BB3C3CE3DDA05975D
                                                                                                            APIs
                                                                                                            • GetVersion.KERNEL32(00000000,004118F9), ref: 0041178C
                                                                                                            • InsertMenuItemA.USER32(?,000000FF,00000001,0000002C), ref: 0041184A
                                                                                                              • Part of subcall function 00411AAC: CreatePopupMenu.USER32 ref: 00411AC6
                                                                                                            • InsertMenuA.USER32(?,000000FF,?,?,00000000), ref: 004118D6
                                                                                                              • Part of subcall function 00411AAC: CreateMenu.USER32 ref: 00411AD0
                                                                                                            • InsertMenuA.USER32(?,000000FF,?,00000000,00000000), ref: 004118BD
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Menu$Insert$Create$ItemPopupVersion
                                                                                                            • String ID: ,$?
                                                                                                            • API String ID: 2359071979-2308483597
                                                                                                            • Opcode ID: b9a2b6ccc88d9caa62c3975205c07352f987ccdbf84bf9e0cd5a88eec52abf91
                                                                                                            • Instruction ID: ecf66c9774bccec907b621c371347452b74b7622051e058d8a4a73451c3e974f
                                                                                                            • Opcode Fuzzy Hash: b9a2b6ccc88d9caa62c3975205c07352f987ccdbf84bf9e0cd5a88eec52abf91
                                                                                                            • Instruction Fuzzy Hash: D7510674A00245ABDB10EF6ADC816EA7BF9AF09304B11857BF904E73A6D738DD41CB58
                                                                                                            APIs
                                                                                                            • GetObjectA.GDI32(?,00000018,?), ref: 0041BF28
                                                                                                            • GetObjectA.GDI32(?,00000018,?), ref: 0041BF37
                                                                                                            • GetBitmapBits.GDI32(?,?,?), ref: 0041BF88
                                                                                                            • GetBitmapBits.GDI32(?,?,?), ref: 0041BF96
                                                                                                            • DeleteObject.GDI32(?), ref: 0041BF9F
                                                                                                            • DeleteObject.GDI32(?), ref: 0041BFA8
                                                                                                            • CreateIcon.USER32(00400000,?,?,?,?,?,?), ref: 0041BFC5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Object$BitmapBitsDelete$CreateIcon
                                                                                                            • String ID:
                                                                                                            • API String ID: 1030595962-0
                                                                                                            • Opcode ID: dabea464bc85c36b4411cc83672e19ff5768c85fc4c65aec36842f1966395034
                                                                                                            • Instruction ID: 74cae3b7aa7aab4ce12a2fbd062d204c5c4082198076ec6df892ad84fd278e80
                                                                                                            • Opcode Fuzzy Hash: dabea464bc85c36b4411cc83672e19ff5768c85fc4c65aec36842f1966395034
                                                                                                            • Instruction Fuzzy Hash: 6A510671A002199FCB10DFA9C9819EEB7F9EF48314B11416AF914E7395D738AD41CB68
                                                                                                            APIs
                                                                                                            • SetStretchBltMode.GDI32(00000000,00000003), ref: 0041CEFE
                                                                                                            • GetDeviceCaps.GDI32(00000000,00000026), ref: 0041CF1D
                                                                                                            • SelectPalette.GDI32(?,?,00000001), ref: 0041CF83
                                                                                                            • RealizePalette.GDI32(?), ref: 0041CF92
                                                                                                            • StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?), ref: 0041CFFC
                                                                                                            • StretchDIBits.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?,00000000,?), ref: 0041D03A
                                                                                                            • SelectPalette.GDI32(?,?,00000001), ref: 0041D05F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: PaletteStretch$Select$BitsCapsDeviceModeRealize
                                                                                                            • String ID:
                                                                                                            • API String ID: 2222416421-0
                                                                                                            • Opcode ID: c6a16a19dcf28552bada6898b81586dc49cb1edacb7efb66bca37046f5d7e7da
                                                                                                            • Instruction ID: 4b814cf558339e083a7fb5ccd56fb4ffad9fd0a27a4bfdacf16c2dd2476febac
                                                                                                            • Opcode Fuzzy Hash: c6a16a19dcf28552bada6898b81586dc49cb1edacb7efb66bca37046f5d7e7da
                                                                                                            • Instruction Fuzzy Hash: D2515EB0604200AFDB14DFA8C985F9BBBE9EF08304F10459AB549DB292C778ED81CB58
                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(00000000,?,?), ref: 0045717A
                                                                                                              • Part of subcall function 0042427C: GetWindowTextA.USER32(?,?,00000100), ref: 0042429C
                                                                                                              • Part of subcall function 0041EEA4: GetCurrentThreadId.KERNEL32 ref: 0041EEF3
                                                                                                              • Part of subcall function 0041EEA4: EnumThreadWindows.USER32(00000000,0041EE54,00000000), ref: 0041EEF9
                                                                                                              • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                                            • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004571E1
                                                                                                            • TranslateMessage.USER32(?), ref: 004571FF
                                                                                                            • DispatchMessageA.USER32(?), ref: 00457208
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$TextThreadWindow$CurrentDispatchEnumSendTranslateWindows
                                                                                                            • String ID: [Paused]
                                                                                                            • API String ID: 1007367021-4230553315
                                                                                                            • Opcode ID: fd37f0685e9949bc630816f418b91ae10989fde9f4c26f7dfdebc9041f05c988
                                                                                                            • Instruction ID: 9c65c5789669556775cb04b7d8b700a3e8427f17a0623b42c67a15115a154b53
                                                                                                            • Opcode Fuzzy Hash: fd37f0685e9949bc630816f418b91ae10989fde9f4c26f7dfdebc9041f05c988
                                                                                                            • Instruction Fuzzy Hash: 3A3196309082449EDB11DFB5EC81FDEBBB8EB49314F5580B7F800E7292D6389909CB69
                                                                                                            APIs
                                                                                                            • GetCursor.USER32(00000000,0046B3D3), ref: 0046B350
                                                                                                            • LoadCursorA.USER32(00000000,00007F02), ref: 0046B35E
                                                                                                            • SetCursor.USER32(00000000,00000000,00007F02,00000000,0046B3D3), ref: 0046B364
                                                                                                            • Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046B3D3), ref: 0046B36E
                                                                                                            • SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046B3D3), ref: 0046B374
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Cursor$LoadSleep
                                                                                                            • String ID: CheckPassword
                                                                                                            • API String ID: 4023313301-1302249611
                                                                                                            • Opcode ID: 9ec6fbb627a2037d8b10d3b03f13e16da416f17f6db7f06dbaba65bff406c05b
                                                                                                            • Instruction ID: 12e539274ef1f9e2a04eba0c68275a436143f563f239c7c10787bf1112b5c925
                                                                                                            • Opcode Fuzzy Hash: 9ec6fbb627a2037d8b10d3b03f13e16da416f17f6db7f06dbaba65bff406c05b
                                                                                                            • Instruction Fuzzy Hash: 883140347402449FD711DB69C899B9A7BE4EB05304F5580B6BC44DB392D7789E80CB99
                                                                                                            APIs
                                                                                                            • GetProcAddress.KERNEL32(626D6573,CreateAssemblyCache), ref: 0045968F
                                                                                                            Strings
                                                                                                            • Fusion.dll, xrefs: 0045962F
                                                                                                            • Failed to get address of .NET Framework CreateAssemblyCache function, xrefs: 0045969A
                                                                                                            • Failed to load .NET Framework DLL "%s", xrefs: 00459674
                                                                                                            • CreateAssemblyCache, xrefs: 00459686
                                                                                                            • .NET Framework CreateAssemblyCache function failed, xrefs: 004596B2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc
                                                                                                            • String ID: .NET Framework CreateAssemblyCache function failed$CreateAssemblyCache$Failed to get address of .NET Framework CreateAssemblyCache function$Failed to load .NET Framework DLL "%s"$Fusion.dll
                                                                                                            • API String ID: 190572456-3990135632
                                                                                                            • Opcode ID: c76a925808990de0a4edfa3a9bd9e2f18b95e6c6c4d3f27ecf656a26428a2687
                                                                                                            • Instruction ID: 16de9e68b372fd706bfdce8394bce33e03e331de8444419fbf47e642e04e3cf3
                                                                                                            • Opcode Fuzzy Hash: c76a925808990de0a4edfa3a9bd9e2f18b95e6c6c4d3f27ecf656a26428a2687
                                                                                                            • Instruction Fuzzy Hash: E1318B71E10605EBCB01EFA9C88159EB7B4EF44315F50857BE814E7382DB389E08C799
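The per-function records in this section repeat one fixed layout: an APIs list (with "Part of subcall function" attributions and a call-site ref), an optional Strings list with xrefs, the Memory Dump Source lines, and a Similarity block whose String ID joins the hashed strings with "$". Pulling those fields out is the first step toward hunting across reports (for example, every function that resolves an export by name through GetProcAddress). The parser below is an added example, not part of the Joe Sandbox report or its tooling; SAMPLE is constructed from entries shown above and trimmed to a few lines each, and the class and field names are this script's own choice.

```python
"""Parse Joe Sandbox per-function records (the repeating APIs / Strings /
Memory Dump Source / Similarity layout) into structured Python objects.

Added example, not part of the Joe Sandbox report or its tooling. SAMPLE is
constructed from entries shown in the report and trimmed; the class and
field names are this script's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SAMPLE = r"""
APIs
• GetProcAddress.KERNEL32(626D6573,CreateAssemblyCache), ref: 0045968F
Strings
• Fusion.dll, xrefs: 0045962F
• Failed to load .NET Framework DLL "%s", xrefs: 00459674
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
Similarity
• API ID: AddressProc
• String ID: Failed to load .NET Framework DLL "%s"$Fusion.dll
• Instruction Fuzzy Hash: E1318B71E10605EBCB01EFA9C88159EB7B4EF44315F50857BE814E7382DB389E08C799
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7), ref: 0042DE38
• RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00483808), ref: 004837ED
• GetFocus.USER32 ref: 0041C168
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CloseOpen
• String ID:
• Instruction Fuzzy Hash: 7711AFB0B00204AAD700FBA68C12A5EBAE8DB55B09F208877A800E7681E73CDB01875C
"""

SECTION_HEADERS = ("APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Similarity")

# One API line: optional "Part of subcall function XXXXXXXX:" prefix, then
# Name.MODULE, an optional "(arg,arg,...)" list, and the call-site "ref".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$"
)


@dataclass
class ApiCall:
    module: str
    name: str
    args: List[str]
    ref: str                          # address of the call instruction
    subcall_of: Optional[str] = None  # set when the call belongs to a callee


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[Tuple[str, str]] = field(default_factory=list)  # (text, xref)
    source_file: str = ""
    associated: List[str] = field(default_factory=list)
    similarity: dict = field(default_factory=dict)


def parse_records(text: str) -> List[FunctionRecord]:
    """Split report text into records; each record opens with an 'APIs' header."""
    records: List[FunctionRecord] = []
    rec, section = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTION_HEADERS:
            if line == "APIs":
                rec = FunctionRecord()
                records.append(rec)
            section = line
            continue
        if rec is None or not line.startswith("•"):
            continue                  # blank lines and viewer residue
        item = line.lstrip("•").strip()
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                args = m["args"].split(",") if m["args"] is not None else []
                rec.apis.append(ApiCall(m["module"], m["name"], args, m["ref"], m["sub"]))
        elif section == "Strings":
            text_, sep, xref = item.rpartition(", xrefs: ")
            rec.strings.append((text_, xref) if sep else (item, ""))
        else:
            key, _, value = item.partition(":")
            key, value = key.strip(), value.strip()
            if section == "Memory Dump Source":
                value = value.removesuffix("Download File").strip()  # link text
                if key == "Source File":
                    rec.source_file = value.split(",")[0].strip()
                elif key == "Associated":
                    rec.associated.append(value)
            elif section == "Similarity":
                rec.similarity[key] = value
    return records


def string_ids(rec: FunctionRecord) -> List[str]:
    """Split the '$'-joined String ID back into the individual strings."""
    value = rec.similarity.get("String ID", "")
    return value.split("$") if value else []


def dynamic_resolution(records: List[FunctionRecord]) -> List[Tuple[str, List[str]]]:
    """GetProcAddress/LoadLibrary* calls with their non-numeric arguments
    (the export or DLL names the sandbox resolved), for hunting runtime lookups."""
    hits = []
    for rec in records:
        for call in rec.apis:
            if call.name.startswith(("GetProcAddress", "LoadLibrary")):
                names = [a for a in call.args if not re.fullmatch(r"[0-9A-Fa-f]{8}|\?", a)]
                hits.append((call.name, names))
    return hits


RECORDS = parse_records(SAMPLE)

if __name__ == "__main__":
    for r in RECORDS:
        print(r.similarity.get("API ID"), [f"{c.module}!{c.name}" for c in r.apis])
    print(dynamic_resolution(RECORDS))
```

Feeding a whole report through parse_records gives one record per function, so the Similarity fields (API String ID, Opcode and Instruction Fuzzy Hash) can be grouped across samples, and the GetProcAddress hits name the exports a sample looks up at runtime rather than importing statically.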
                                                                                                            APIs
                                                                                                              • Part of subcall function 0041C048: GetObjectA.GDI32(?,00000018), ref: 0041C055
                                                                                                            • GetFocus.USER32 ref: 0041C168
                                                                                                            • GetDC.USER32(?), ref: 0041C174
                                                                                                            • SelectPalette.GDI32(?,?,00000000), ref: 0041C195
                                                                                                            • RealizePalette.GDI32(?), ref: 0041C1A1
                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C1B8
                                                                                                            • SelectPalette.GDI32(?,00000000,00000000), ref: 0041C1E0
                                                                                                            • ReleaseDC.USER32(?,?), ref: 0041C1ED
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Palette$Select$BitsFocusObjectRealizeRelease
                                                                                                            • String ID:
                                                                                                            • API String ID: 3303097818-0
                                                                                                            • Opcode ID: 26117fda3ddcda01a6cc84f42a4f6ec069d0e010bd6cdd98afb854c6c7779a8d
                                                                                                            • Instruction ID: 25a0b6576c779426e59073023ceed4ef49f3845c1b310514cd4f08ef327de147
                                                                                                            • Opcode Fuzzy Hash: 26117fda3ddcda01a6cc84f42a4f6ec069d0e010bd6cdd98afb854c6c7779a8d
                                                                                                            • Instruction Fuzzy Hash: 49116D71A44604BFDF10DBE9CC81FAFB7FCEB48700F50486AB518E7281DA7899008B28
                                                                                                            APIs
                                                                                                            • GetSystemMetrics.USER32(0000000E), ref: 00418C70
                                                                                                            • GetSystemMetrics.USER32(0000000D), ref: 00418C78
                                                                                                            • 6F9A2980.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C7E
                                                                                                              • Part of subcall function 004107F8: 6F99C400.COMCTL32(0049B628,000000FF,00000000,00418CAC,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 004107FC
                                                                                                            • 6FA0CB00.COMCTL32(0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418CCE
                                                                                                            • 6FA0C740.COMCTL32(00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00418CD9
                                                                                                            • 6FA0CB00.COMCTL32(0049B628,00000001,?,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000), ref: 00418CEC
                                                                                                            • 6F9A0860.COMCTL32(0049B628,00418D0F,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D08,?,00000000,0000000D,00000000,0000000E), ref: 00418D02
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MetricsSystem$A0860A2980C400C740
                                                                                                            • String ID:
                                                                                                            • API String ID: 1086221473-0
                                                                                                            • Opcode ID: e2c7fe5230f8d2f143d47c0d6a7892a097693e1c100db4317caf46c6149257f7
                                                                                                            • Instruction ID: f48c8f8e6a400555c090207229051c9eae11b8a9b20c4da93df477ea8fa1a9e8
                                                                                                            • Opcode Fuzzy Hash: e2c7fe5230f8d2f143d47c0d6a7892a097693e1c100db4317caf46c6149257f7
                                                                                                            • Instruction Fuzzy Hash: 6B112475744204BBDB50EBA9EC82FAD73F8DB08704F504066B514EB2C1DAB9AD808759
                                                                                                            APIs
                                                                                                              • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00483808), ref: 004837ED
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseOpen
                                                                                                            • String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
                                                                                                            • API String ID: 47109696-2530820420
                                                                                                            • Opcode ID: 6cffb51fcf675e5b5ff337e99a1a510b156e53e1e1d602fe7582bc6a3ac7d990
                                                                                                            • Instruction ID: c613687e0df8eb2305741995cd8b82d1e16d8def3fb188134640bd78fd3b844b
                                                                                                            • Opcode Fuzzy Hash: 6cffb51fcf675e5b5ff337e99a1a510b156e53e1e1d602fe7582bc6a3ac7d990
                                                                                                            • Instruction Fuzzy Hash: 7711AFB0B00204AAD700FBA68C12A5EBAE8DB55B09F208877A800E7681E73CDB01875C
                                                                                                            APIs
                                                                                                            • GetDC.USER32(00000000), ref: 00495089
                                                                                                              • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 004950AB
                                                                                                            • GetTextExtentPointA.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,00495629), ref: 004950BF
                                                                                                            • GetTextMetricsA.GDI32(00000000,?), ref: 004950E1
                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 004950FE
                                                                                                            Strings
                                                                                                            • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 004950B6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Text$CreateExtentFontIndirectMetricsObjectPointReleaseSelect
                                                                                                            • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
                                                                                                            • API String ID: 2948443157-222967699
APIs
• SelectObject.GDI32(00000000,?), ref: 0041B470
• SelectObject.GDI32(?,00000000), ref: 0041B47F
• StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4AB
• SelectObject.GDI32(00000000,00000000), ref: 0041B4B9
• SelectObject.GDI32(?,00000000), ref: 0041B4C7
• DeleteDC.GDI32(00000000), ref: 0041B4D0
• DeleteDC.GDI32(?), ref: 0041B4D9
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ObjectSelect$Delete$Stretch
• String ID:
• API String ID: 1458357782-0
APIs
• GetCursorPos.USER32 ref: 004233AF
• WindowFromPoint.USER32(?,?), ref: 004233BC
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004233CA
• GetCurrentThreadId.KERNEL32 ref: 004233D1
• SendMessageA.USER32(00000000,00000084,?,?), ref: 004233EA
• SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 00423401
• SetCursor.USER32(00000000), ref: 00423413
Similarity
• API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
• String ID:
• API String ID: 1770779139-0
APIs
• GetModuleHandleA.KERNEL32(user32.dll), ref: 00494EAC
• GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00494EB9
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00494EC6
Similarity
• API ID: AddressProc$HandleModule
• String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
• API String ID: 667068680-2254406584
APIs
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressInit), ref: 0045D4E1
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompress), ref: 0045D4F1
• GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressEnd), ref: 0045D501
Similarity
• API ID: AddressProc
• String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
• API String ID: 190572456-212574377
APIs
• GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,00000004,00499934,0045703D,004573E0,00456F94,00000000,00000B06,00000000,00000000,00000001,00000000,00000002,00000000,00480DAC), ref: 0042EA35
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EA3B
• InterlockedExchange.KERNEL32(0049B668,00000001), ref: 0042EA4C
  • Part of subcall function 0042E9AC: GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA70,00000004,00499934,0045703D,004573E0,00456F94,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9C2
  • Part of subcall function 0042E9AC: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C8
  • Part of subcall function 0042E9AC: InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9D9
• ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,00000004,00499934,0045703D,004573E0,00456F94,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042EA60
Similarity
• API ID: AddressExchangeHandleInterlockedModuleProc$ChangeFilterMessageWindow
• String ID: ChangeWindowMessageFilterEx$user32.dll
• API String ID: 142928637-2676053874
APIs
• LoadLibraryA.KERNEL32(oleacc.dll,?,0044F089), ref: 0044C7EB
• GetProcAddress.KERNEL32(00000000,LresultFromObject), ref: 0044C7FC
• GetProcAddress.KERNEL32(00000000,CreateStdAccessibleObject), ref: 0044C80C
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
• API String ID: 2238633743-1050967733
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,?,00498794), ref: 00478746
• GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 00478753
• GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 00478763
Similarity
• API ID: AddressProc$HandleModule
• String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
• API String ID: 667068680-222143506
APIs
• GetFocus.USER32 ref: 0041B745
• GetDC.USER32(?), ref: 0041B751
• SelectPalette.GDI32(00000000,?,00000000), ref: 0041B786
• RealizePalette.GDI32(00000000), ref: 0041B792
• CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041B7C0
• SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041B7F4
                                                                                                            Similarity
                                                                                                            • API ID: Palette$Select$BitmapCreateFocusRealize
                                                                                                            • String ID:
                                                                                                            • API String ID: 3275473261-0
                                                                                                            • Opcode ID: 9b17a45ebd00e155e5aeae17ac6cac102e8e00fd56b9a0d3692e3d2bf0971335
                                                                                                            • Instruction ID: 38bdddf8d72f5571b31e8017bfcff87152bbfcb95d4f6cd7f9962c0a723fddb9
                                                                                                            • Opcode Fuzzy Hash: 9b17a45ebd00e155e5aeae17ac6cac102e8e00fd56b9a0d3692e3d2bf0971335
                                                                                                            • Instruction Fuzzy Hash: 8A512F70A002099FDF11DFA9C881AEEBBF9FF49704F104066F504A7791D7799981CBA9
                                                                                                            APIs
                                                                                                            • GetFocus.USER32 ref: 0041BA17
                                                                                                            • GetDC.USER32(?), ref: 0041BA23
                                                                                                            • SelectPalette.GDI32(00000000,?,00000000), ref: 0041BA5D
                                                                                                            • RealizePalette.GDI32(00000000), ref: 0041BA69
                                                                                                            • CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BA8D
                                                                                                            • SelectPalette.GDI32(00000000,00000000,00000000), ref: 0041BAC1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Palette$Select$BitmapCreateFocusRealize
                                                                                                            • String ID:
                                                                                                            • API String ID: 3275473261-0
                                                                                                            • Opcode ID: f1b656a7ede54f8d65f93cc35dc493626dae048aef23b352968a277fb398f08e
                                                                                                            • Instruction ID: 3fcaffe560058c7771eaec6053d79e0e1924f360d52694d27862de55114c0f48
                                                                                                            • Opcode Fuzzy Hash: f1b656a7ede54f8d65f93cc35dc493626dae048aef23b352968a277fb398f08e
                                                                                                            • Instruction Fuzzy Hash: 9D512A74A002189FDB11DFA9C891AAEBBF9FF49700F154066F904EB751D738AD40CBA4
                                                                                                            APIs
                                                                                                            • GetFocus.USER32 ref: 0041B57E
                                                                                                            • GetDC.USER32(?), ref: 0041B58A
                                                                                                            • GetDeviceCaps.GDI32(?,00000068), ref: 0041B5A6
                                                                                                            • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041B5C3
                                                                                                            • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 0041B5DA
                                                                                                            • ReleaseDC.USER32(?,?), ref: 0041B626
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: EntriesPaletteSystem$CapsDeviceFocusRelease
                                                                                                            • String ID:
                                                                                                            • API String ID: 2502006586-0
                                                                                                            • Opcode ID: e956e6ae92597662ed98b2f51c6b506043ab8b509e5ceb21f610fa5f8f95298e
                                                                                                            • Instruction ID: 1753bd22f5710d4f749a3cf2d8329d0f84e6490acb09e3fae29671003709e3a5
                                                                                                            • Opcode Fuzzy Hash: e956e6ae92597662ed98b2f51c6b506043ab8b509e5ceb21f610fa5f8f95298e
                                                                                                            • Instruction Fuzzy Hash: D0410631A04258AFDF10DFA9C885AAFBBB4EF59704F1484AAF500EB351D3389D51CBA5
                                                                                                            APIs
                                                                                                            • SetLastError.KERNEL32(00000057,00000000,0045CF68,?,?,?,?,00000000), ref: 0045CF07
                                                                                                            • SetLastError.KERNEL32(00000000,00000002,?,?,?,0045CFD4,?,00000000,0045CF68,?,?,?,?,00000000), ref: 0045CF46
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast
                                                                                                            • String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
                                                                                                            • API String ID: 1452528299-1580325520
                                                                                                            • Opcode ID: 1bdeb0a210bc513e3c49bf4cbd891cc1911c01b4b436513822a1df069e086b30
                                                                                                            • Instruction ID: 452c5d812052531473411f8275c40b5c85b18bf76fc7955a310c39f58cd58d14
                                                                                                            • Opcode Fuzzy Hash: 1bdeb0a210bc513e3c49bf4cbd891cc1911c01b4b436513822a1df069e086b30
                                                                                                            • Instruction Fuzzy Hash: 3811A536204304AFD711DAA1C9C2A9EB69EDB44706F604037AD00A62C7D67C5F0AD52D
                                                                                                            APIs
                                                                                                            • GetSystemMetrics.USER32(0000000B), ref: 0041BDD5
                                                                                                            • GetSystemMetrics.USER32(0000000C), ref: 0041BDDF
                                                                                                            • GetDC.USER32(00000000), ref: 0041BDE9
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000E), ref: 0041BE10
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0041BE1D
                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 0041BE56
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDeviceMetricsSystem$Release
                                                                                                            • String ID:
                                                                                                            • API String ID: 447804332-0
                                                                                                            • Opcode ID: 3bdc6123dd6674b0137b7fef1a93c0b96d54f33e4692062cf67464f69f8f60e7
                                                                                                            • Instruction ID: d5b995c8e3894394b735eabd433659eae54025482fea58e306a85006fdca5b97
                                                                                                            • Opcode Fuzzy Hash: 3bdc6123dd6674b0137b7fef1a93c0b96d54f33e4692062cf67464f69f8f60e7
                                                                                                            • Instruction Fuzzy Hash: E5212A74E04648AFEB00EFA9C941BEEB7B4EB48714F10846AF514B7690D7785940CB69
                                                                                                            APIs
                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,00401B68), ref: 00401ABD
                                                                                                            • LocalFree.KERNEL32(0078E5F0,00000000,00401B68), ref: 00401ACF
                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,0078E5F0,00000000,00401B68), ref: 00401AEE
                                                                                                            • LocalFree.KERNEL32(0078F5F0,?,00000000,00008000,0078E5F0,00000000,00401B68), ref: 00401B2D
                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B58
                                                                                                            • RtlDeleteCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B62
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 3782394904-0
                                                                                                            • Opcode ID: ef0d8b2142be7cf42810e170793bf0a6b8446fdea194a224c38922696d0a74e0
                                                                                                            • Instruction ID: 79795942c165c44483fb09e1962e32eaca51f8de38df00e9c029d8aa05623ce8
                                                                                                            • Opcode Fuzzy Hash: ef0d8b2142be7cf42810e170793bf0a6b8446fdea194a224c38922696d0a74e0
                                                                                                            • Instruction Fuzzy Hash: 3B118E30A003405AEB15AB65BE85B263BA5D761B08F44407BF80067BF3D77C5850E7AE
                                                                                                            APIs
                                                                                                            • GetWindowLongA.USER32(?,000000EC), ref: 0047E24A
                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,0046CBBD), ref: 0047E270
                                                                                                            • GetWindowLongA.USER32(?,000000EC), ref: 0047E280
                                                                                                            • SetWindowLongA.USER32(?,000000EC,00000000), ref: 0047E2A1
                                                                                                            • ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 0047E2B5
                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 0047E2D1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Long$Show
                                                                                                            • String ID:
                                                                                                            • API String ID: 3609083571-0
                                                                                                            • Opcode ID: b4e19ff4e98ab52ecda950bfdcb646100cf30b97dd598c6192f2cb622b5c4e11
                                                                                                            • Instruction ID: c2beb8629b08809d81cb9269d2d7eee694fde7899d985d279cae8c77c91b058d
                                                                                                            • Opcode Fuzzy Hash: b4e19ff4e98ab52ecda950bfdcb646100cf30b97dd598c6192f2cb622b5c4e11
                                                                                                            • Instruction Fuzzy Hash: A40140B1641210ABE610D769DE41F2237DCAB0C360F0907A6BA44EF3E3C728E8408B49
                                                                                                            APIs
                                                                                                              • Part of subcall function 0041A6E0: CreateBrushIndirect.GDI32 ref: 0041A74B
                                                                                                            • UnrealizeObject.GDI32(00000000), ref: 0041B27C
                                                                                                            • SelectObject.GDI32(?,00000000), ref: 0041B28E
                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 0041B2B1
                                                                                                            • SetBkMode.GDI32(?,00000002), ref: 0041B2BC
                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 0041B2D7
                                                                                                            • SetBkMode.GDI32(?,00000001), ref: 0041B2E2
                                                                                                              • Part of subcall function 0041A058: GetSysColor.USER32(?), ref: 0041A062
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
                                                                                                            • String ID:
                                                                                                            • API String ID: 3527656728-0
                                                                                                            • Opcode ID: 90af7722afa79acc590a6ee3060039fb524340e2cf7ce152cccbdcb584e8dbde
                                                                                                            • Instruction ID: d03b18a2b949c207061bd18b8e5d47ed8ce294e6be165222704fda36eef26a4f
                                                                                                            • Opcode Fuzzy Hash: 90af7722afa79acc590a6ee3060039fb524340e2cf7ce152cccbdcb584e8dbde
                                                                                                            • Instruction Fuzzy Hash: 56F0CD756015009BDE00FFAAD9CBE4B3B989F043097048496B908DF187CA3CD8649B3A
                                                                                                            APIs
                                                                                                              • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
                                                                                                            • ShowWindow.USER32(?,00000005,00000000,00497B31,?,?,00000000), ref: 00497902
                                                                                                              • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                              • Part of subcall function 004072A8: SetCurrentDirectoryA.KERNEL32(00000000,?,0049792A,00000000,00497AFD,?,?,00000005,00000000,00497B31,?,?,00000000), ref: 004072B3
                                                                                                              • Part of subcall function 0042D44C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4DA,?,?,?,00000001,?,0045607E,00000000,004560E6), ref: 0042D481
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
                                                                                                            • String ID: .dat$.msg$IMsg$Uninstall
                                                                                                            • API String ID: 3312786188-1660910688
                                                                                                            • Opcode ID: 7512cdbd572c9146c7922e267a2e3ec6043e3c2241cd3ad81f3df178027fada8
                                                                                                            • Instruction ID: 79fbc7277211ce2bf855d188aeb365c1f4e20c687b9dac3c04c4e1571c34c8ae
                                                                                                            • Opcode Fuzzy Hash: 7512cdbd572c9146c7922e267a2e3ec6043e3c2241cd3ad81f3df178027fada8
                                                                                                            • Instruction Fuzzy Hash: 44315E34A10214AFDB01EB65DC92D5E7B75FB89718B91847AF400AB392DB38BD018B58
                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 0042EADA
                                                                                                            • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EAE0
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,user32.dll,ShutdownBlockReasonCreate), ref: 0042EB09
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressByteCharHandleModuleMultiProcWide
                                                                                                            • String ID: ShutdownBlockReasonCreate$user32.dll
                                                                                                            • API String ID: 828529508-2866557904
                                                                                                            • Opcode ID: dc376cfddf31d7f2fdf241a02509d8c694355095d88693d0378826b1ee5e642a
                                                                                                            • Instruction ID: 7e091cf0cf0c4dae12ae48626bdfb721f4796128e550bb25d34418d77cfbcdd5
                                                                                                            • Opcode Fuzzy Hash: dc376cfddf31d7f2fdf241a02509d8c694355095d88693d0378826b1ee5e642a
                                                                                                            • Instruction Fuzzy Hash: 70F0C8D034061136E620B57F5C82F7B598C8F94759F140436B109E62C2D96CA905426E
                                                                                                            APIs
                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,00000001,00000000,000000FF,000000FF), ref: 00457E78
                                                                                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 00457E99
                                                                                                            • CloseHandle.KERNEL32(?,00457ECC), ref: 00457EBF
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseCodeExitHandleMultipleObjectsProcessWait
                                                                                                            • String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
                                                                                                            • API String ID: 2573145106-3235461205
                                                                                                            • Opcode ID: 1ea0d3176aedc3e092b8d1903486a3d6a13cecd7bb31937a8215cd8aa9781b6e
                                                                                                            • Instruction ID: b72ead612c96ea1451a2df619a1119c508d9f8e19ef45bb7a80fe0c677849c01
                                                                                                            • Opcode Fuzzy Hash: 1ea0d3176aedc3e092b8d1903486a3d6a13cecd7bb31937a8215cd8aa9781b6e
                                                                                                            • Instruction Fuzzy Hash: DA01A235608304AFD711EBA9AC06A1A73A8EB49715F2040B6FC10E73D3D6389E04861D
                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA70,00000004,00499934,0045703D,004573E0,00456F94,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9C2
                                                                                                            • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C8
                                                                                                            • InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9D9
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressExchangeHandleInterlockedModuleProc
                                                                                                            • String ID: ChangeWindowMessageFilter$user32.dll
                                                                                                            • API String ID: 3478007392-2498399450
                                                                                                            • Opcode ID: 3254194633b527647525dea76c004eb0f33bc99a9c522dc813bf1be520244ffe
                                                                                                            • Instruction ID: c922fa4e85abb1c6873f36dcd01b6443d81c66d6c3501223796626af46e79b09
                                                                                                            • Opcode Fuzzy Hash: 3254194633b527647525dea76c004eb0f33bc99a9c522dc813bf1be520244ffe
                                                                                                            • Instruction Fuzzy Hash: 5CE0ECB2740324EADA103B627E8AF663558E724B19F50043BF001751F1C7FD1C80CA9E
                                                                                                            APIs
                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 004776BC
                                                                                                            • GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,004777B3,0049C0A4,00000000), ref: 004776CF
                                                                                                            • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004776D5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProcProcessThreadWindow
                                                                                                            • String ID: AllowSetForegroundWindow$user32.dll
                                                                                                            • API String ID: 1782028327-3855017861
                                                                                                            • Opcode ID: 79b78db4dd9cdf85c2be20cd47b0727ffde78e70408e3af60258cd37bb1d66b3
                                                                                                            • Instruction ID: ee14923c72d036b6004e6d5d181e2ae3dde99fc96f584ef82141a9a0fe8b283c
                                                                                                            • Opcode Fuzzy Hash: 79b78db4dd9cdf85c2be20cd47b0727ffde78e70408e3af60258cd37bb1d66b3
                                                                                                            • Instruction Fuzzy Hash: 99D0C7D0249B02AAD910B3F94D47FAF365CA954768794C47B7404E218DDABCDC00D93D
                                                                                                            APIs
                                                                                                            • BeginPaint.USER32(00000000,?), ref: 00416C52
                                                                                                            • SaveDC.GDI32(?), ref: 00416C83
                                                                                                            • ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00416D45), ref: 00416CE4
                                                                                                            • RestoreDC.GDI32(?,?), ref: 00416D0B
                                                                                                            • EndPaint.USER32(00000000,?,00416D4C,00000000,00416D45), ref: 00416D3F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Paint$BeginClipExcludeRectRestoreSave
                                                                                                            • String ID:
                                                                                                            • API String ID: 3808407030-0
                                                                                                            • Opcode ID: ad781fe6fb59047a66b80eb53a3f65b2019eba16d1c733f202b60e39d660354f
                                                                                                            • Instruction ID: 8164e3b37c2b38cc39b91ef4074089abf19b8963c3e0e5cbd12a4ce3d65b1abe
                                                                                                            • Opcode Fuzzy Hash: ad781fe6fb59047a66b80eb53a3f65b2019eba16d1c733f202b60e39d660354f
                                                                                                            • Instruction Fuzzy Hash: A1415070A002049FCB14DBA9C585FAA77F9FF48304F1540AEE8459B362D778DD81CB58
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b6913cb722474124f75cff2ee5949f067bbdde1b56a592e148b6496e85af3d5a
                                                                                                            • Instruction ID: a833d86c80f2fb81cba799e3b93fc1891ddf3ebdd98a67124a25423b7ab76754
                                                                                                            • Opcode Fuzzy Hash: b6913cb722474124f75cff2ee5949f067bbdde1b56a592e148b6496e85af3d5a
                                                                                                            • Instruction Fuzzy Hash: 563132746057809FC320EF69C984B9BB7E8AF89354F04491EF9D5C3752C638E8818F19
                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429808
                                                                                                            • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429837
                                                                                                            • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 00429853
                                                                                                            • SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 0042987E
                                                                                                            • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 0042989C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 3850602802-0
                                                                                                            • Opcode ID: 399f588db94bb8b810bf5b46e1237ea7bfd7cbebe0e15a3dbf36720fb68daebb
                                                                                                            • Instruction ID: 8b65b0e689063cc909dba6714575951256d1ad54ff8cece17fd29570ea6901c2
                                                                                                            • Opcode Fuzzy Hash: 399f588db94bb8b810bf5b46e1237ea7bfd7cbebe0e15a3dbf36720fb68daebb
                                                                                                            • Instruction Fuzzy Hash: 6E219D707107057BEB10AB62DC82F5B7AECAB41708F54443EB501AB2D2DFB8AE418228
APIs
• GetSystemMetrics.USER32(0000000B), ref: 0041BBCA
• GetSystemMetrics.USER32(0000000C), ref: 0041BBD4
• GetDC.USER32(00000000), ref: 0041BC12
• CreateDIBitmap.GDI32(00000000,?,00000004,?,?,00000000), ref: 0041BC59
• DeleteObject.GDI32(00000000), ref: 0041BC9A
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: MetricsSystem$BitmapCreateDeleteObject
• String ID:
• API String ID: 1095203571-0
• Opcode ID: d6ecec59309c4539c21f746b1d4641e0a999657a412e1d938322a226e3514674
• Instruction ID: 2a907a32995036c4e239f44386a828d3a2f1e7d44945ead90e55d18394f4d4ff
• Opcode Fuzzy Hash: d6ecec59309c4539c21f746b1d4641e0a999657a412e1d938322a226e3514674
• Instruction Fuzzy Hash: 5D315C70E00208EFDB04DFA5C941AAEB7F5EB48700F2084AAF514AB781D7789E40DB98
APIs
  • Part of subcall function 0045CE9C: SetLastError.KERNEL32(00000057,00000000,0045CF68,?,?,?,?,00000000), ref: 0045CF07
• GetLastError.KERNEL32(00000000,00000000,00000000,00473520,?,?,0049C1DC,00000000), ref: 004734D9
• GetLastError.KERNEL32(00000000,00000000,00000000,00473520,?,?,0049C1DC,00000000), ref: 004734EF
Strings
• Setting permissions on registry key: %s\%s, xrefs: 0047349E
• Could not set permissions on the registry key because it currently does not exist., xrefs: 004734E3
• Failed to set permissions on registry key (%d)., xrefs: 00473500
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ErrorLast
• String ID: Could not set permissions on the registry key because it currently does not exist.$Failed to set permissions on registry key (%d).$Setting permissions on registry key: %s\%s
• API String ID: 1452528299-4018462623
• Opcode ID: 6a97e4f81041aadbe163303a7d14e2778330a35fec2615f3944f9ca16867819a
• Instruction ID: f6b37ec0c80c1520313a246a851a493010c524415d82476cd93cad017a8f966b
• Opcode Fuzzy Hash: 6a97e4f81041aadbe163303a7d14e2778330a35fec2615f3944f9ca16867819a
• Instruction Fuzzy Hash: 76218670A042445FCB10DFA9C8826EEBBE4DF49315F50817BE508E7392D7785E05876D
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
• SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403CFC
• SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403D06
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403D15
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocString
• String ID:
• API String ID: 262959230-0
• Opcode ID: dcd45591e65b03bd276bb2a5b0fabad56ebf76f0c081827c2345b0a7b763a240
• Instruction ID: 657f84db466bd1c54801a2b30447fc2084338491f8142acf58a262d5883cef98
• Opcode Fuzzy Hash: dcd45591e65b03bd276bb2a5b0fabad56ebf76f0c081827c2345b0a7b763a240
• Instruction Fuzzy Hash: FCF0A4917442043BF21025A65C43F6B198CCB82B9BF50053FB704FA1D2D87C9D04427D
APIs
• SelectPalette.GDI32(00000000,00000000,00000000), ref: 00414419
• RealizePalette.GDI32(00000000), ref: 00414421
• SelectPalette.GDI32(00000000,00000000,00000001), ref: 00414435
• RealizePalette.GDI32(00000000), ref: 0041443B
• ReleaseDC.USER32(00000000,00000000), ref: 00414446
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Palette$RealizeSelect$Release
• String ID:
• API String ID: 2261976640-0
• Opcode ID: c9c8aa66f6917016d7555c0ac5b3df2d15848593dde74026b2272496f15e705b
• Instruction ID: 3cc421e061c7a323c9855e33cbe13bf4890882f9e8533d15179bd5f7679f66d2
• Opcode Fuzzy Hash: c9c8aa66f6917016d7555c0ac5b3df2d15848593dde74026b2272496f15e705b
• Instruction Fuzzy Hash: A2018F7520C3806AE600A63D8C85A9F6BED9FCA718F15446EF495DB282DA7AC8018765
APIs
  • Part of subcall function 0041F074: GetActiveWindow.USER32 ref: 0041F077
  • Part of subcall function 0041F074: GetCurrentThreadId.KERNEL32 ref: 0041F08C
  • Part of subcall function 0041F074: EnumThreadWindows.USER32(00000000,Function_0001F050), ref: 0041F092
  • Part of subcall function 004231A8: GetSystemMetrics.USER32(00000000), ref: 004231AA
• OffsetRect.USER32(?,?,?), ref: 00424DC9
• DrawTextA.USER32(00000000,00000000,000000FF,?,00000C10), ref: 00424E8C
• OffsetRect.USER32(?,?,?), ref: 00424E9D
  • Part of subcall function 00423564: GetCurrentThreadId.KERNEL32 ref: 00423579
  • Part of subcall function 00423564: SetWindowsHookExA.USER32(00000003,00423520,00000000,00000000), ref: 00423589
  • Part of subcall function 00423564: CreateThread.KERNEL32(00000000,000003E8,004234D0,00000000,00000000), ref: 004235AD
  • Part of subcall function 00424B2C: SetTimer.USER32(00000000,00000001,?,004234B4), ref: 00424B47
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Thread$CurrentOffsetRectWindows$ActiveCreateDrawEnumHookMetricsSystemTextTimerWindow
• String ID: vLB
• API String ID: 1477829881-1797516613
• Opcode ID: 9987255b0b6c78362164308449554d51e9442941db4b17a29f095a444d8f0f61
• Instruction ID: 1a85cd152e58b5c2614c87f396891e2b5808bef0cf689969089b0637ec596c27
• Opcode Fuzzy Hash: 9987255b0b6c78362164308449554d51e9442941db4b17a29f095a444d8f0f61
• Instruction Fuzzy Hash: C5812675A003188FCB14DFA8D880ADEBBF4FF88314F50416AE905AB296E738AD45CF44
APIs
• WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 00407003
• WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 0040707D
• WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 004070D5
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Enum$NameOpenResourceUniversal
• String ID: Z
• API String ID: 3604996873-1505515367
• Opcode ID: a9e747af3270ad6827a26b5e12e82ea9da9777e5f51a79d453bfa0d7b97e4fbe
• Instruction ID: 78f4b6eea80f90a9c0d6dbacb1000d6f5057f9b0a0312f2c839bfa0eabc808a5
• Opcode Fuzzy Hash: a9e747af3270ad6827a26b5e12e82ea9da9777e5f51a79d453bfa0d7b97e4fbe
• Instruction Fuzzy Hash: 14516470E04208AFDB11DF95C951AAFBBB9EF09304F1045BAE500BB3D1D778AE458B5A
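The per-function listings above (APIs with their call-site addresses, "Part of subcall function" markers for calls made inside a callee, Strings with xrefs, and the Similarity block with Opcode ID and API ID) are what an analyst triages first when working through a report of this size. The following Python parser is an added example and is not code from the Joe Sandbox report or from the analysed sample: it turns listing text into records and tags functions whose API calls hit a watchlist, so the network-enumeration (WNet*) and hook-installing (SetWindowsHookExA, CreateThread) functions above surface immediately. The SAMPLE text is constructed from entries on this page; the record layout, the WATCHLIST groups and the include_subcalls switch are this example's own choices, not part of the report format.

```python
"""Parse Joe Sandbox per-function API listings and tag interesting functions.

Added example, not code from the Joe Sandbox report or from the analysed sample.
SAMPLE is constructed from entries shown on this page; the record layout, the
WATCHLIST groups and the include_subcalls switch are this example's own choices.
"""
import re
from collections import namedtuple
from dataclasses import dataclass, field

# "• Name.MODULE(arg,...), ref: ADDR", optionally prefixed with the report's
# "Part of subcall function ADDR:" marker for calls made inside a callee.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$")
STRING_RE = re.compile(r"^•\s*(?P<text>.*), xrefs: (?P<xref>[0-9A-Fa-f]{8})$")
KV_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")
HEADINGS = {"APIs": "apis", "Strings": "strings", "Memory Dump Source": None,
            "Joe Sandbox IDA Plugin": None, "Similarity": "similarity"}

SAMPLE = """
APIs
  • Part of subcall function 0045CE9C: SetLastError.KERNEL32(00000057,00000000,0045CF68,?,?,?,?,00000000), ref: 0045CF07
• GetLastError.KERNEL32(00000000,00000000,00000000,00473520,?,?,0049C1DC,00000000), ref: 004734D9
Strings
• Setting permissions on registry key: %s\\%s, xrefs: 0047349E
Similarity
• API ID: ErrorLast
• API String ID: 1452528299-4018462623
• Opcode ID: d6ecec59309c4539c21f746b1d4641e0a999657a412e1d938322a226e3514674
APIs
• WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 00407003
• WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 0040707D
• WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 004070D5
Similarity
• API ID: Enum$NameOpenResourceUniversal
• Opcode ID: a9e747af3270ad6827a26b5e12e82ea9da9777e5f51a79d453bfa0d7b97e4fbe
APIs
  • Part of subcall function 0041F074: GetActiveWindow.USER32 ref: 0041F077
  • Part of subcall function 00423564: SetWindowsHookExA.USER32(00000003,00423520,00000000,00000000), ref: 00423589
  • Part of subcall function 00423564: CreateThread.KERNEL32(00000000,000003E8,004234D0,00000000,00000000), ref: 004235AD
• DrawTextA.USER32(00000000,00000000,000000FF,?,00000C10), ref: 00424E8C
Similarity
• Opcode ID: 9987255b0b6c78362164308449554d51e9442941db4b17a29f095a444d8f0f61
"""

# subcall is the callee address when the call is marked "Part of subcall", else None.
ApiCall = namedtuple("ApiCall", "name module args ref subcall")

@dataclass
class FunctionEntry:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)     # (text, xref) pairs
    similarity: dict = field(default_factory=dict)  # "Opcode ID", "API ID", ...

def parse_entries(text: str) -> list:
    """Split a listing into FunctionEntry records, one per 'APIs' heading."""
    entries, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEADINGS:
            section = HEADINGS[line]
            if section == "apis":
                current = FunctionEntry()
                entries.append(current)
        elif current is None:  # tail of an entry that began before this text
            continue
        elif section == "apis" and (m := API_RE.match(line)):
            args = m["args"].split(",") if m["args"] else []
            current.apis.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
        elif section == "strings" and (m := STRING_RE.match(line)):
            current.strings.append((m["text"], m["xref"]))
        elif section == "similarity" and (m := KV_RE.match(line)):
            current.similarity[m["key"]] = m["val"]
    return entries

# Grouping chosen for this example; the API names appear in listings on this page.
WATCHLIST = {
    "network-enum": {"WNetGetUniversalNameA", "WNetOpenEnumA", "WNetEnumResourceA"},
    "hooking": {"SetWindowsHookExA"},
    "threading": {"CreateThread"},
}

def flag_entries(entries, watchlist=WATCHLIST, include_subcalls=True) -> dict:
    """Map Opcode ID -> sorted watchlist tags hit; include_subcalls=False counts direct calls only."""
    flagged = {}
    for entry in entries:
        names = {c.name for c in entry.apis if include_subcalls or c.subcall is None}
        tags = sorted(tag for tag, apis in watchlist.items() if names & apis)
        if tags:
            flagged[entry.similarity.get("Opcode ID", "")] = tags
    return flagged

if __name__ == "__main__":
    for oid, tags in flag_entries(parse_entries(SAMPLE)).items():
        print(oid[:16], ", ".join(tags))
```

Calls reached only through a "Part of subcall function" line are attributed to the listing's function by default, which is what the report's own API ID summary does; pass include_subcalls=False to restrict a match to calls the function makes directly, which drops the hook-installing entry above because SetWindowsHookExA and CreateThread are both reached through subcall 00423564.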
APIs
• SetRectEmpty.USER32(?), ref: 0044D04E
• DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044D079
• DrawTextA.USER32(00000000,00000000,00000000,00000000,00000800), ref: 0044D101
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: DrawText$EmptyRect
• String ID:
• API String ID: 182455014-2867612384
• Opcode ID: 3cb455d8176bf3e5231f8dda4285d64bdc155d7a8260b5a0e5f680fe50550aac
• Instruction ID: ac611c4ae9e9b4e435f74cd3b872a097dcdbbef8ea8fa2dc8c743a2ef399c877
• Opcode Fuzzy Hash: 3cb455d8176bf3e5231f8dda4285d64bdc155d7a8260b5a0e5f680fe50550aac
• Instruction Fuzzy Hash: 18517171E00248AFDB11DFA5C885BDEBBF8BF48308F18447AE845EB252D7789945CB64
APIs
• GetDC.USER32(00000000), ref: 0042EF9E
  • Part of subcall function 0041A1E8: CreateFontIndirectA.GDI32(?), ref: 0041A2A7
• SelectObject.GDI32(?,00000000), ref: 0042EFC1
• ReleaseDC.USER32(00000000,?), ref: 0042F0A0
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CreateFontIndirectObjectReleaseSelect
• String ID: ...\
• API String ID: 3133960002-983595016
• Opcode ID: 65766ae35a5ff9b042dd79c87bacb89811e544568082cefb05445997e7e8f61e
• Instruction ID: de545d42c11d103cbad381cc3223c2b5efa9fdb4a6e9ae4bb0445229962d8c70
• Opcode Fuzzy Hash: 65766ae35a5ff9b042dd79c87bacb89811e544568082cefb05445997e7e8f61e
• Instruction Fuzzy Hash: 5A316370B00128AFDB11EB96D841BAEB7F8EB09348F90447BE410A7392D7785E49CA59
APIs
• CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00496991,_iu,?,00000000,004539F6), ref: 004539AB
• CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,00496991,_iu,?,00000000,004539F6), ref: 004539BB
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CloseCreateFileHandle
• String ID: .tmp$_iu
• API String ID: 3498533004-10593223
• Opcode ID: 1bf85a80132bbff87a9a827a47fd0c4a75e2f830b03f5f12b130a42208c1e1fd
• Instruction ID: c819285d1904897ee35e15112b57b1097950df4cd651dd5525fdc5768647a91e
• Opcode Fuzzy Hash: 1bf85a80132bbff87a9a827a47fd0c4a75e2f830b03f5f12b130a42208c1e1fd
• Instruction Fuzzy Hash: 6531C5B0A00249ABCB11EFA5D842B9EBBB4AF44345F20453AF810B73C2D7785F058B69
APIs
• GetClassInfoA.USER32(00400000,?,?), ref: 0041647F
• UnregisterClassA.USER32(?,00400000), ref: 004164AB
• RegisterClassA.USER32(?), ref: 004164CE
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Class$InfoRegisterUnregister
• String ID: @
• API String ID: 3749476976-2766056989
• Opcode ID: 32c7bff64fe8078beb5c73cee1a3f36bf3645a98757bc26b4be27a2261280048
• Instruction ID: c77080f262680b7bd3c4c6a37e0a11d074b1995aa9dd52ebf92fb76dd285a693
• Opcode Fuzzy Hash: 32c7bff64fe8078beb5c73cee1a3f36bf3645a98757bc26b4be27a2261280048
• Instruction Fuzzy Hash: B8316D702042409BD720EF69C981B9B77E5AB89308F04457FF949DB392DB39DD44CB6A
APIs
• GetFileAttributesA.KERNEL32(00000000,004986D0,00000000,00497E76,?,?,00000000,0049B628), ref: 00497DF0
• SetFileAttributesA.KERNEL32(00000000,00000000,00000000,004986D0,00000000,00497E76,?,?,00000000,0049B628), ref: 00497E19
• MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 00497E32
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: File$Attributes$Move
• String ID: isRS-%.3u.tmp
• API String ID: 3839737484-3657609586
• Opcode ID: c8ffd91a69648c323ebec4846a0c95b9f63ed5ce66c8394ab64ce5c1dd8b2d9f
• Instruction ID: d3b1e0af9bc01606b4acbc4251c5ccfb03fd27bd09466a3f7c53cc9bc4e4fae9
• Opcode Fuzzy Hash: c8ffd91a69648c323ebec4846a0c95b9f63ed5ce66c8394ab64ce5c1dd8b2d9f
• Instruction Fuzzy Hash: F5214F71E14219AFCF11EFA9C881AAFBBB8EF44714F10457BB814B72D1D6389E018B59
APIs
• MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404DC5
• ExitProcess.KERNEL32 ref: 00404E0D
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: ExitMessageProcess
• String ID: Error$Runtime error at 00000000
• API String ID: 1220098344-2970929446
• Opcode ID: 4aa0907dffceb0697d192a833af99b379258e6819ee5eddde657f3822e72bbb6
• Instruction ID: e2df0dcbf1ce8e07228a8ae3c957e3f7be2bf5582065763199918d440bd3f461
• Opcode Fuzzy Hash: 4aa0907dffceb0697d192a833af99b379258e6819ee5eddde657f3822e72bbb6
• Instruction Fuzzy Hash: 8E219560A442414ADB11A779BA8571B3B91D7E5348F04817BE710A73E3C77C8C4487ED
APIs
  • Part of subcall function 0042C804: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C828
  • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
  • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
• LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00456A9C
• RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00456AC9
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Type$AllocByteCharFullLoadMultiNamePathRegisterStringWide
• String ID: LoadTypeLib$RegisterTypeLib
• API String ID: 1312246647-2435364021
• Opcode ID: c06c5e8b46d4cc008794e6ef7648282b6775267df5f2c1a0af32ed40ef5fa1a3
• Instruction ID: f320f84dc8d434ac547319b1f88b10c46afed2bb2b034f8a1d5164c41c1038b2
• Opcode Fuzzy Hash: c06c5e8b46d4cc008794e6ef7648282b6775267df5f2c1a0af32ed40ef5fa1a3
• Instruction Fuzzy Hash: CE118430B00604AFDB11DFA6CD55A5AB7BDEB89705F518476FD04D3652DA389E04CA14
APIs
• SendMessageA.USER32(00000000,00000B06,00000000,00000000), ref: 00456FBA
• SendMessageA.USER32(00000000,00000B00,00000000,00000000), ref: 00457057
Strings
• Failed to create DebugClientWnd, xrefs: 00457020
• Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 00456FE6
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: MessageSend
• String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd
• API String ID: 3850602802-3720027226
• Opcode ID: 6dc4dd13ffff63052e532ec2970cf3a172fdf6ef35738a55e650b02f86b7c4d3
• Instruction ID: 7b454b92cb1dfb233f50f2560aabdc39b6abe04e8f027f2194e5078dec578530
• Opcode Fuzzy Hash: 6dc4dd13ffff63052e532ec2970cf3a172fdf6ef35738a55e650b02f86b7c4d3
• Instruction Fuzzy Hash: 571127706083409BE310ABA8DC81B5FBBD89B14719F01403AFE849B3C3D7795818C7AE
APIs
  • Part of subcall function 004242C4: SetWindowTextA.USER32(?,00000000), ref: 004242DC
• GetFocus.USER32 ref: 00478277
• GetKeyState.USER32(0000007A), ref: 00478289
• WaitMessage.USER32(?,00000000,004782B0,?,00000000,004782D7,?,?,00000001,00000000,?,?,?,0047FEE6,00000000,00480DAC), ref: 00478293
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: FocusMessageStateTextWaitWindow
• String ID: Wnd=$%x
• API String ID: 1381870634-2927251529
• Opcode ID: f1958697a4901136eb243dbe20eb39cbb326672f79de8de72c1a435ff1b0447b
• Instruction ID: 17992b3effc84475d262d1a309b63da61542e22f0e105337c9737e95fd9359ad
• Opcode Fuzzy Hash: f1958697a4901136eb243dbe20eb39cbb326672f79de8de72c1a435ff1b0447b
• Instruction Fuzzy Hash: B811A730644644AFC701FF65DC5999E7BB8EB49304F9184FAF408E7692DB386900CA69
APIs
• FileTimeToLocalFileTime.KERNEL32(?), ref: 0046E48C
• FileTimeToSystemTime.KERNEL32(?,?,?), ref: 0046E49B
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: Time$File$LocalSystem
• String ID: %.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u$(invalid)
• API String ID: 1748579591-1013271723
• Opcode ID: 2c82eb517319c4feb0678a2222fa1caa0c7cc9d70da35f771929cd42352f02e5
• Instruction ID: a22b2a007e2cf2d6de8f80eb00497e2bff53ee2dc74e74251f844a221e221b1c
• Opcode Fuzzy Hash: 2c82eb517319c4feb0678a2222fa1caa0c7cc9d70da35f771929cd42352f02e5
• Instruction Fuzzy Hash: 3711F8A440C3919ED340DF6AC44432BBAE4AB89708F44496EF9C8D6381E77AC948DB67
APIs
• SetFileAttributesA.KERNEL32(00000000,00000020), ref: 00453F83
  • Part of subcall function 00406F50: DeleteFileA.KERNEL32(00000000,0049B628,00498261,00000000,004982B6,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F5B
• MoveFileA.KERNEL32(00000000,00000000), ref: 00453FA8
  • Part of subcall function 0045349C: GetLastError.KERNEL32(00000000,00454031,00000005,00000000,00454066,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,00497F15,00000000), ref: 0045349F
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: File$AttributesDeleteErrorLastMove
• String ID: DeleteFile$MoveFile
• API String ID: 3024442154-139070271
• Opcode ID: 75fc53fd0ddaa48128ef6cce4dae119495c42920ad3f5386662393d2e6d8c133
• Instruction ID: b5871bee3d194af1fa843ac656f6d820fc0ba16d57580c91db5694710367c43f
• Opcode Fuzzy Hash: 75fc53fd0ddaa48128ef6cce4dae119495c42920ad3f5386662393d2e6d8c133
• Instruction Fuzzy Hash: AEF062716142045BD701FBA2D84266EA7ECDB8435EF60443BB900BB6C3DA3C9E094529
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
• RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004592F1,00000000,004594A9,?,00000000,00000000,00000000), ref: 00459201
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CloseOpen
• String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
• API String ID: 47109696-2631785700
• Opcode ID: 7bfc696592b003d8a6b238063e783ff3189b4dca7eb8d211325608debd19b0e7
• Instruction ID: d749d17306166952b18a3f7a40743e5d4d539800c31903ae925bcb827c574b5e
• Opcode Fuzzy Hash: 7bfc696592b003d8a6b238063e783ff3189b4dca7eb8d211325608debd19b0e7
• Instruction Fuzzy Hash: EEF0C231700150EBCB10EB9AD895B4E7398DB95356F50453BF980CB263C63CCC0ACA6E
APIs
  • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
• RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 004836E9
• RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 0048370C
Strings
• CSDVersion, xrefs: 004836E0
• System\CurrentControlSet\Control\Windows, xrefs: 004836B6
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: CSDVersion$System\CurrentControlSet\Control\Windows
• API String ID: 3677997916-1910633163
• Opcode ID: b08de6e064ab0066fdf25e92b32557c09a13beb56fb99f55e24ba5929372f4fd
• Instruction ID: e2e1efa57e06e253ed5c33608a99233e6d60fcd3e82f395225068b7938859aaf
• Opcode Fuzzy Hash: b08de6e064ab0066fdf25e92b32557c09a13beb56fb99f55e24ba5929372f4fd
• Instruction Fuzzy Hash: 07F036F5A40209B6DF10EBD1CC45B9F77FC9B04B05F108567E910E7280E678DB048B59
APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B5A,00000000,00453BFD,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FED,00000000), ref: 0042D90A
• GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D910
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: GetSystemWow64DirectoryA$kernel32.dll
• API String ID: 1646373207-4063490227
• Opcode ID: 3965e48138ab8598cb17ff311cd558fd433aca8a834515e354a81fb776e31baf
• Instruction ID: 657275fb9dfacbe144619f02b172540cf2f0c5a6f4252bec6bd03a25d2dd35a2
• Opcode Fuzzy Hash: 3965e48138ab8598cb17ff311cd558fd433aca8a834515e354a81fb776e31baf
• Instruction Fuzzy Hash: A5E0DFE0B40B0122D70032BA1C82B6B108D4B84728F90053B3894E62D6DDBCD9840A6D
APIs
• GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,00000000,0042EAD0), ref: 0042EB62
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EB68
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: ShutdownBlockReasonDestroy$user32.dll
• API String ID: 1646373207-260599015
• Opcode ID: 88ce12e330a2fc51ece58c284b54de3a76b504cb94a4c995bd1a3fb2c6ea0693
• Instruction ID: e1ec077e445c8734ae54db5ffdd633522f5c412f0b7fee52e54de0d29bb4c321
• Opcode Fuzzy Hash: 88ce12e330a2fc51ece58c284b54de3a76b504cb94a4c995bd1a3fb2c6ea0693
• Instruction Fuzzy Hash: A2D0C793311732665D10B1F73CD1EAB058C891527935404B7F515E5641D55DEC1115AD
APIs
• GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,00498762), ref: 0044F77F
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F785
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: NotifyWinEvent$user32.dll
• API String ID: 1646373207-597752486
• Opcode ID: f97c3de5cacafbf63d36e16939e29d51eb7e912e87a0fb2b79f6fc39cd446e20
• Instruction ID: 5e946f17392c81a4f172a46fe169fb9a1f72c9003761a5edf28bd31acc2f1150
• Opcode Fuzzy Hash: f97c3de5cacafbf63d36e16939e29d51eb7e912e87a0fb2b79f6fc39cd446e20
• Instruction Fuzzy Hash: 59E012F0E417049AFF00BBB57B86B1A3A90E764719B00057FF414A6292DB7C481C4F9D
APIs
• GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,004987B8,00000001,00000000,004987DC), ref: 004984E2
• GetProcAddress.KERNEL32(00000000,user32.dll), ref: 004984E8
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: DisableProcessWindowsGhosting$user32.dll
• API String ID: 1646373207-834958232
• Opcode ID: 0a6869f336692cffb72a3d37b5043cace6ddfe1b26e102b83d1b95de8ab3ca94
• Instruction ID: 53974a48addda20669242eeec291eced9f9b3ea586a0102388b68221815f3be9
• Opcode Fuzzy Hash: 0a6869f336692cffb72a3d37b5043cace6ddfe1b26e102b83d1b95de8ab3ca94
• Instruction Fuzzy Hash: 8EB092C0280703689C8032BA0C02F1F08484C4272CB10003F3810A40C7ED6CDC00083D
APIs
  • Part of subcall function 0044B658: LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F775,00498762), ref: 0044B67F
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B697
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A9
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6BB
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6CD
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6DF
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6F1
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B703
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B715
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B727
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B739
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B74B
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B75D
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B76F
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B781
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B793
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B7A5
  • Part of subcall function 0044B658: GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7B7
• LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,0049878A), ref: 00464477
• GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 0046447D
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
Similarity
• API ID: AddressProc$LibraryLoad
                                                                                                            • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                                                            • API String ID: 2238633743-2683653824
                                                                                                            • Opcode ID: 43e9449c42c64eafa185df201a3e78782dc27b2a49daecccd0491a4bbbb3dbf6
                                                                                                            • Instruction ID: aee408708d02c77079155b2370532760acd370d0883c3ae68736bebce920fed0
                                                                                                            • Opcode Fuzzy Hash: 43e9449c42c64eafa185df201a3e78782dc27b2a49daecccd0491a4bbbb3dbf6
                                                                                                            • Instruction Fuzzy Hash: 73B09290681740A8CA007BB2289BB0F2A4894B072E7A2463B7008710C6EF7C84204A6E
                                                                                                            APIs
                                                                                                            • FindNextFileA.KERNEL32(000000FF,?,00000000,0047D2E0,?,?,?,?,00000000,0047D435,?,?,?,00000000,?,0047D544), ref: 0047D2BC
                                                                                                            • FindClose.KERNEL32(000000FF,0047D2E7,0047D2E0,?,?,?,?,00000000,0047D435,?,?,?,00000000,?,0047D544,00000000), ref: 0047D2DA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$CloseFileNext
                                                                                                            • String ID:
                                                                                                            • API String ID: 2066263336-0
                                                                                                            • Opcode ID: 1bb33653f71372efa694325d8d6b641fbfb84b71fff8fb7ce2a7bf965ad77fdb
                                                                                                            • Instruction ID: 813c4c7e096b0537259228c6ce98783779beb739e450e2ccca0bb42f0b61749a
                                                                                                            • Opcode Fuzzy Hash: 1bb33653f71372efa694325d8d6b641fbfb84b71fff8fb7ce2a7bf965ad77fdb
                                                                                                            • Instruction Fuzzy Hash: 6A813B30D0024D9FDF11DFA5C845ADFBBB9EF49304F5080EAE808A3292D639AA46CF55
                                                                                                            APIs
                                                                                                              • Part of subcall function 0042EE30: GetTickCount.KERNEL32 ref: 0042EE36
                                                                                                              • Part of subcall function 0042EC88: MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0042ECBD
                                                                                                            • GetLastError.KERNEL32(00000000,00475595,?,?,0049C1DC,00000000), ref: 0047547E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CountErrorFileLastMoveTick
                                                                                                            • String ID: $LoggedMsgBox returned an unexpected value. Assuming Cancel.$MoveFileEx
                                                                                                            • API String ID: 2406187244-2685451598
                                                                                                            • Opcode ID: c178663150e68b17ede051a88a8c0b8e52ebf449323b5d146d45458d51117132
                                                                                                            • Instruction ID: cb6e190203de8706f01eb9277cb95c8d8a5d25c2e0fbb05709c61410d89611bd
                                                                                                            • Opcode Fuzzy Hash: c178663150e68b17ede051a88a8c0b8e52ebf449323b5d146d45458d51117132
                                                                                                            • Instruction Fuzzy Hash: 9E41B770A006099BCB10EFA5D882AEE77B5EF48314F608537E404BB355D7789A418BAD
                                                                                                            APIs
                                                                                                            • GetDesktopWindow.USER32 ref: 00413D46
                                                                                                            • GetDesktopWindow.USER32 ref: 00413DFE
                                                                                                              • Part of subcall function 00418EC0: 6FA0C6F0.COMCTL32(?,00000000,00413FC3,00000000,004140D3,?,?,0049B628), ref: 00418EDC
                                                                                                              • Part of subcall function 00418EC0: ShowCursor.USER32(00000001,?,00000000,00413FC3,00000000,004140D3,?,?,0049B628), ref: 00418EF9
                                                                                                            • SetCursor.USER32(00000000,?,?,?,?,00413AF3,00000000,00413B06), ref: 00413E3C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CursorDesktopWindow$Show
                                                                                                            • String ID:
                                                                                                            • API String ID: 2074268717-0
                                                                                                            • Opcode ID: 48e3412c1a46991eea637d4b1b247886da5b7466a2ee9d80c19fa9edf3c8b710
                                                                                                            • Instruction ID: d0219f8535474b9b7e790bb207accfb6dce16a9ac66decbe361331da1304c66b
                                                                                                            • Opcode Fuzzy Hash: 48e3412c1a46991eea637d4b1b247886da5b7466a2ee9d80c19fa9edf3c8b710
                                                                                                            • Instruction Fuzzy Hash: 91412C75600210AFC710DF2AFA84B56B7E1EB65329B16817BE405CB365DB38DD81CF98
                                                                                                            APIs
                                                                                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000100), ref: 00408A75
                                                                                                            • LoadStringA.USER32(00400000,0000FF9E,?,00000040), ref: 00408AE4
                                                                                                            • LoadStringA.USER32(00400000,0000FF9F,?,00000040), ref: 00408B7F
                                                                                                            • MessageBoxA.USER32(00000000,?,?,00002010), ref: 00408BBE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LoadString$FileMessageModuleName
                                                                                                            • String ID:
                                                                                                            • API String ID: 704749118-0
                                                                                                            • Opcode ID: ede814ba8b2c905ab74f80468cae56b5ab65d73ed59c96bbcc76a4520df8398d
                                                                                                            • Instruction ID: 7d65b0a5aa49ad722f3f3263bbe29e3330acee4661d9e2153cfe083702b22da2
                                                                                                            • Opcode Fuzzy Hash: ede814ba8b2c905ab74f80468cae56b5ab65d73ed59c96bbcc76a4520df8398d
                                                                                                            • Instruction Fuzzy Hash: 1F3123716083849AD370EB65C945BDF77D89B85704F40483FB6C8E72D1EB7859048B6B
                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(00000000,000001A1,?,00000000), ref: 0044E90D
                                                                                                              • Part of subcall function 0044CF50: SendMessageA.USER32(00000000,000001A0,?,00000000), ref: 0044CF82
                                                                                                            • InvalidateRect.USER32(00000000,00000000,00000001,00000000,000001A1,?,00000000), ref: 0044E991
                                                                                                              • Part of subcall function 0042BBB4: SendMessageA.USER32(00000000,0000018E,00000000,00000000), ref: 0042BBC8
                                                                                                            • IsRectEmpty.USER32(?), ref: 0044E953
                                                                                                            • ScrollWindowEx.USER32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000006), ref: 0044E976
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$Rect$EmptyInvalidateScrollWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 855768636-0
                                                                                                            • Opcode ID: e9e3cf1fe88063870224b64a3ffaafaa7ea9294743723d0f52b5b35edb71e9c8
                                                                                                            • Instruction ID: f7bad605b8f68185b4e834990bb8ca2287257270a928060092b59a923d315d7c
                                                                                                            • Opcode Fuzzy Hash: e9e3cf1fe88063870224b64a3ffaafaa7ea9294743723d0f52b5b35edb71e9c8
                                                                                                            • Instruction Fuzzy Hash: E5114A71B0030067E650BA7B8C86B5B76C9AB88748F15083FB545EB387DE7DDD094299
                                                                                                            APIs
                                                                                                            • OffsetRect.USER32(?,?,00000000), ref: 004954F8
                                                                                                            • OffsetRect.USER32(?,00000000,?), ref: 00495513
                                                                                                            • OffsetRect.USER32(?,?,00000000), ref: 0049552D
                                                                                                            • OffsetRect.USER32(?,00000000,?), ref: 00495548
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: OffsetRect
                                                                                                            • String ID:
                                                                                                            • API String ID: 177026234-0
                                                                                                            • Opcode ID: 189e9286564265d853a06d191ff0450012ffb6c3854856ebd751307d5f0fca29
                                                                                                            • Instruction ID: 0cb6fc954a72117405a3be1f948335ff5a15e1e1cf1cb616ea1ff77106a83dd0
                                                                                                            • Opcode Fuzzy Hash: 189e9286564265d853a06d191ff0450012ffb6c3854856ebd751307d5f0fca29
                                                                                                            • Instruction Fuzzy Hash: 372181B6700601AFCB00DE69CD85E6B77DAEBC4344F248A2AF944C7249D638ED448755
                                                                                                            APIs
                                                                                                            • GetCursorPos.USER32 ref: 00417260
                                                                                                            • SetCursor.USER32(00000000), ref: 004172A3
                                                                                                            • GetLastActivePopup.USER32(?), ref: 004172CD
                                                                                                            • GetForegroundWindow.USER32(?), ref: 004172D4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Cursor$ActiveForegroundLastPopupWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 1959210111-0
                                                                                                            • Opcode ID: 0923a2c161fc1a9e066ccd67b54e00c3a39e3c999bff849f93405dbd13ead463
                                                                                                            • Instruction ID: de3f0dc6b436800086b9427ec8ddd2ec86eeedce3a35093462374e80c8eda50e
                                                                                                            • Opcode Fuzzy Hash: 0923a2c161fc1a9e066ccd67b54e00c3a39e3c999bff849f93405dbd13ead463
                                                                                                            • Instruction Fuzzy Hash: C52183313086118AD720AFA9E945AE733F1EF44754B0544ABF8558B352DB3DDC82CB9E
                                                                                                            APIs
                                                                                                            • MulDiv.KERNEL32(?,00000008,?), ref: 00495161
                                                                                                            • MulDiv.KERNEL32(?,00000008,?), ref: 00495175
                                                                                                            • MulDiv.KERNEL32(?,00000008,?), ref: 00495189
                                                                                                            • MulDiv.KERNEL32(?,00000008,?), ref: 004951A7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
                                                                                                            • Instruction ID: ece1589fda812a565620013fcb1ed5a997ef569cae5724ba48b6fbd062de1f9b
                                                                                                            • Opcode Fuzzy Hash: b0bc83cb44cddb6cfb83e9cff79c84a8c4632dee95d4fc6912c32f85648e17c5
                                                                                                            • Instruction Fuzzy Hash: E8115172A05104AFCB40DEA9D8C5E8B7BECEF4D320B24416AF908DB346D634EC408BA4
                                                                                                            APIs
                                                                                                            • GetClassInfoA.USER32(00400000,0041F470,?), ref: 0041F4A1
                                                                                                            • UnregisterClassA.USER32(0041F470,00400000), ref: 0041F4CA
                                                                                                            • RegisterClassA.USER32(00499598), ref: 0041F4D4
                                                                                                            • SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 0041F50F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 4025006896-0
                                                                                                            • Opcode ID: 2789f09181fedf2aa8f29be774d1bfe7920984f559ea6f8e8637ed1726722249
                                                                                                            • Instruction ID: 7a0dc659497f48f9aad4428a0df7724adcaf244520b53866b591a9b3b5545ee4
                                                                                                            • Opcode Fuzzy Hash: 2789f09181fedf2aa8f29be774d1bfe7920984f559ea6f8e8637ed1726722249
                                                                                                            • Instruction Fuzzy Hash: F6011B72240104AADA10EBACED81E9B33999729314B11423BB615E72A2D6399C558BAC
                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D027
                                                                                                            • LoadResource.KERNEL32(00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?,?,0047C648,0000000A,00000000), ref: 0040D041
                                                                                                            • SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?,?,0047C648), ref: 0040D05B
                                                                                                            • LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040A7C8,00400000,00000001,00000000,?,0040CF84,00000000,?,00000000,?), ref: 0040D065
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindLoadLockSizeof
                                                                                                            • String ID:
                                                                                                            • API String ID: 3473537107-0
                                                                                                            • Opcode ID: f701ce4f04cb0ebdd1143b5585c75acb70ffd029a82b31343d3be87257736b7b
                                                                                                            • Instruction ID: ce77ce8360aa458f47a01e9b0563465317cd85cc21d7bcd45488e041df035c61
                                                                                                            • Opcode Fuzzy Hash: f701ce4f04cb0ebdd1143b5585c75acb70ffd029a82b31343d3be87257736b7b
                                                                                                            • Instruction Fuzzy Hash: 49F04F726056046F9B14EE59A881D5B77ECDE88268310013AF908E7286DA38DD018B68
                                                                                                            APIs
                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 00470465
                                                                                                            Strings
                                                                                                            • Setting NTFS compression on file: %s, xrefs: 00470433
                                                                                                            • Unsetting NTFS compression on file: %s, xrefs: 0047044B
                                                                                                            • Failed to set NTFS compression state (%d)., xrefs: 00470476
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast
                                                                                                            • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on file: %s$Unsetting NTFS compression on file: %s
                                                                                                            • API String ID: 1452528299-3038984924
                                                                                                            • Opcode ID: a714ca870f106a0b299b69b708085a280bfeb4b7d5a8dbea3a6d3b5799a23f26
                                                                                                            • Instruction ID: 5508092d392c29e30f7e419f1558a5efa53bd64671fa73d33ea5aa8feab5f6e0
                                                                                                            • Opcode Fuzzy Hash: a714ca870f106a0b299b69b708085a280bfeb4b7d5a8dbea3a6d3b5799a23f26
                                                                                                            • Instruction Fuzzy Hash: CA016730E1924896CB14D7AD54812EDBBF49F49308F44C1EFA55DE7382DA781A08879A
                                                                                                            APIs
                                                                                                            • GetLastError.KERNEL32(00000000,00000000), ref: 0046FCB9
                                                                                                            Strings
                                                                                                            • Setting NTFS compression on directory: %s, xrefs: 0046FC87
                                                                                                            • Unsetting NTFS compression on directory: %s, xrefs: 0046FC9F
                                                                                                            • Failed to set NTFS compression state (%d)., xrefs: 0046FCCA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast
                                                                                                            • String ID: Failed to set NTFS compression state (%d).$Setting NTFS compression on directory: %s$Unsetting NTFS compression on directory: %s
                                                                                                            • API String ID: 1452528299-1392080489
                                                                                                            • Opcode ID: d08b5e621045cc5cd0e44a77b6b1f6d9ef736be1227186b37ca663e00f32494c
                                                                                                            • Instruction ID: 966577c707f49859c08c22ad5a588f09726d737875f6d95343439a3241496ead
                                                                                                            • Opcode Fuzzy Hash: d08b5e621045cc5cd0e44a77b6b1f6d9ef736be1227186b37ca663e00f32494c
                                                                                                            • Instruction Fuzzy Hash: 55011720D1824C56CB14D7AD74812DDBBB4AF49314F54C1BFA899E7342EB791A0C879B
                                                                                                            APIs
                                                                                                              • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002(HKEY_LOCAL_MACHINE),System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                                            • RegDeleteValueA.ADVAPI32(?,00000000,00000082,00000002,00000000,?,?,00000000,0045B5FE,?,?,?,?,?,00000000,0045B625), ref: 00455DD8
                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,00000000,00000082,00000002,00000000,?,?,00000000,0045B5FE,?,?,?,?,?,00000000), ref: 00455DE1
                                                                                                            • RemoveFontResourceA.GDI32(00000000), ref: 00455DEE
                                                                                                            • SendNotifyMessageA.USER32(0000FFFF(HWND_BROADCAST),0000001D(WM_FONTCHANGE),00000000,00000000), ref: 00455E02
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 4283692357-0
                                                                                                            • Opcode ID: 876c7f592335f26f534d3a610f48d9a4b9bf1bdf8c7f8d73d654af2b8de839a9
                                                                                                            • Instruction ID: 71ccc6c4ad223293e5fa71c014565a1ca4f3f808124b73c5b0663eb55104ffd2
                                                                                                            • Opcode Fuzzy Hash: 876c7f592335f26f534d3a610f48d9a4b9bf1bdf8c7f8d73d654af2b8de839a9
                                                                                                            • Instruction Fuzzy Hash: 57F0BEB174070036EA10B6BAAC4BF2B26CC8F54745F10883ABA00EF2C3D97CDC04962D
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$CountSleepTick
                                                                                                            • String ID:
                                                                                                            • API String ID: 2227064392-0
                                                                                                            • Opcode ID: a059845960953a09b5437104de94e4f2c0855e1466d2a7ed8765463934732ab9
                                                                                                            • Instruction ID: 6dd2862dcb574814dc985a52fd8bef393983683767be68f312e29577703bd9fd
                                                                                                            • Opcode Fuzzy Hash: a059845960953a09b5437104de94e4f2c0855e1466d2a7ed8765463934732ab9
                                                                                                            • Instruction Fuzzy Hash: C4E0E5623291114D862935FE18D25AF4984CBC23A6B2A453FE088D6242C8584D05467F
                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32(00000008,?,?,?,00000001,00000000,00000002,00000000,00480DAC,?,?,?,?,?,0049884B,00000000), ref: 00477D2D
                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000008(TOKEN_QUERY),?,?,?,00000001,00000000,00000002,00000000,00480DAC,?,?,?,?,?,0049884B), ref: 00477D33
                                                                                                            • GetTokenInformation.ADVAPI32(00000008,00000012(TokenElevationType),00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,00480DAC), ref: 00477D55
                                                                                                            • CloseHandle.KERNEL32(00000000,00000008,TokenElevationType,00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,00480DAC), ref: 00477D66
                                                                                                            • Note: the sandbox labels information class 0x12 as TokenIntegrityLevel; in TOKEN_INFORMATION_CLASS the value 18 is TokenElevationType (TokenIntegrityLevel is 25), and the 4-byte buffer length passed here fits a TOKEN_ELEVATION_TYPE DWORD, not a TOKEN_MANDATORY_LABEL. This function therefore checks whether its own token is elevated (Default/Full/Limited), not the process integrity level.
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                            • String ID:
                                                                                                            • API String ID: 215268677-0
                                                                                                            • Opcode ID: 3a93110a626b43f3eadaa74cf541c0290f0e8f026231ea58c1b57ecd76d8e3ea
                                                                                                            • Instruction ID: 7d1e0899fa26f13c2a6683c6024d2156ea27cbafc883e2ae306b9283f9cebe78
                                                                                                            • Opcode Fuzzy Hash: 3a93110a626b43f3eadaa74cf541c0290f0e8f026231ea58c1b57ecd76d8e3ea
                                                                                                            • Instruction Fuzzy Hash: 85F037616447007BD610E6B58C81E6B73DCEF44754F04893A7E94C72C1D678D8089726
                                                                                                            APIs
                                                                                                            • GetLastActivePopup.USER32(?), ref: 0042424C
                                                                                                            • IsWindowVisible.USER32(?), ref: 0042425D
                                                                                                            • IsWindowEnabled.USER32(?), ref: 00424267
                                                                                                            • SetForegroundWindow.USER32(?), ref: 00424271
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ActiveEnabledForegroundLastPopupVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 2280970139-0
                                                                                                            • Opcode ID: f5eb756bdd9929eb0187d31ee3fb53ef02cbc66ad04bc69917a7cf098bede398
                                                                                                            • Instruction ID: 2c5ff33fc315f6eb6fab431e1453bcb0e66c5aaaa6596e28cc8dc28fd0b03a53
                                                                                                            • Opcode Fuzzy Hash: f5eb756bdd9929eb0187d31ee3fb53ef02cbc66ad04bc69917a7cf098bede398
                                                                                                            • Instruction Fuzzy Hash: C7E0EC61B02672D6AE31FA7B2881A9F518C9D45BE434641EBBC04FB38ADB2CDC1141BD
                                                                                                            APIs
                                                                                                            • GlobalHandle.KERNEL32 ref: 0040626F
                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00406276
                                                                                                            • GlobalReAlloc.KERNEL32(00000000,00000000), ref: 0040627B
                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00406281
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Global$AllocHandleLockUnlock
                                                                                                            • String ID:
                                                                                                            • API String ID: 2167344118-0
                                                                                                            • Opcode ID: cbc5b304f88c7a08b053d0b09bd11fc9f2d944e51c7d356257a26bde9ab667b0
                                                                                                            • Instruction ID: 5df08fd8dc2b017785a639aa93036e57be915985ffe03f20f856cac12e18577c
                                                                                                            • Opcode Fuzzy Hash: cbc5b304f88c7a08b053d0b09bd11fc9f2d944e51c7d356257a26bde9ab667b0
                                                                                                            • Instruction Fuzzy Hash: 0BB009C4810A01BEEC0473B24C0BE3F245CD88172C3904A6F3448BA183987C9C405A3A
                                                                                                            APIs
                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000000,0047B625,?,00000000,00000000,00000001,00000000,00479FD9,?,00000000), ref: 00479F9D
                                                                                                            Strings
                                                                                                            • Failed to parse "reg" constant, xrefs: 00479FA4
                                                                                                            • Cannot access a 64-bit key in a "reg" constant on this version of Windows, xrefs: 00479E11
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Close
                                                                                                            • String ID: Cannot access a 64-bit key in a "reg" constant on this version of Windows$Failed to parse "reg" constant
                                                                                                            • API String ID: 3535843008-1938159461
                                                                                                            • Opcode ID: 16d8054e143327fe44f194470e69b7b3affe626307b8d2e4c87d8a967639857b
                                                                                                            • Instruction ID: 47cfa27444033e2517bbb80e4c41b37ce2323e10df06c4a21d1f595548a21c80
                                                                                                            • Opcode Fuzzy Hash: 16d8054e143327fe44f194470e69b7b3affe626307b8d2e4c87d8a967639857b
                                                                                                            • Instruction Fuzzy Hash: EB814F74E00108AFCB10EFA5D881ADEBBF9EF49314F50816AE814E7391D7389E45CB98
                                                                                                            APIs
                                                                                                            • GetForegroundWindow.USER32(00000000,004831FA,?,00000000,0048323B,?,?,?,?,00000000,00000000,00000000,?,0046BC0D), ref: 004830A9
                                                                                                            • SetActiveWindow.USER32(?,00000000,004831FA,?,00000000,0048323B,?,?,?,?,00000000,00000000,00000000,?,0046BC0D), ref: 004830BB
                                                                                                            Strings
                                                                                                            • Will not restart Windows automatically., xrefs: 004831DA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ActiveForeground
                                                                                                            • String ID: Will not restart Windows automatically.
                                                                                                            • API String ID: 307657957-4169339592
                                                                                                            • Opcode ID: 5dc678ddc73231bd7f3deb4895ee9687ce670b7cd050f2935782a4b7fd108cc5
                                                                                                            • Instruction ID: 14d12ce259a9d91e5540598a1459cb212717435f7278461c6eeed3650d71e2e9
                                                                                                            • Opcode Fuzzy Hash: 5dc678ddc73231bd7f3deb4895ee9687ce670b7cd050f2935782a4b7fd108cc5
                                                                                                            • Instruction Fuzzy Hash: E7415530304280AEE701FF64DDAAB6DBBA0AB56F05F104CB7E8404B3A2C67D1A01DB5D
                                                                                                            Strings
                                                                                                            • Failed to proceed to next wizard page; showing wizard., xrefs: 0046CBAC
                                                                                                            • Failed to proceed to next wizard page; aborting., xrefs: 0046CB98
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Failed to proceed to next wizard page; aborting.$Failed to proceed to next wizard page; showing wizard.
                                                                                                            • API String ID: 0-1974262853
                                                                                                            • Opcode ID: 5c21498a53a12cfa8e7fd6d0fca4a53d4e4662c611673a7e38899ae354c5c1cd
                                                                                                            • Instruction ID: f767aec7694c3a706269651ece3f491ea64dc64c3ef09eb99a1787ebd09846f2
                                                                                                            • Opcode Fuzzy Hash: 5c21498a53a12cfa8e7fd6d0fca4a53d4e4662c611673a7e38899ae354c5c1cd
                                                                                                            • Instruction Fuzzy Hash: A7317230604204DFD711EB99D5C6BA977E5AB05704F5500BBE048AB392D778BE40CB5E
                                                                                                            APIs
                                                                                                              • Part of subcall function 0042DE1C: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,004836C7,?,00000001,?,?,004836C7,?,00000001,00000000), ref: 0042DE38
                                                                                                            • RegCloseKey.ADVAPI32(?,00478A9E,?,?,00000001,00000000,00000000,00478AB9), ref: 00478A87
                                                                                                            Strings
                                                                                                            • %s\%s_is1, xrefs: 00478A30
                                                                                                            • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00478A12
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseOpen
                                                                                                            • String ID: %s\%s_is1$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                            • API String ID: 47109696-1598650737
                                                                                                            • Opcode ID: cbbb33293de64dd8a9f9caa67a5b3cda024617d485473e40b666104571127f40
                                                                                                            • Instruction ID: dc80809357616fc60b3df9076f922e914a3229883baf2cade8178dd1eb90c67d
                                                                                                            • Opcode Fuzzy Hash: cbbb33293de64dd8a9f9caa67a5b3cda024617d485473e40b666104571127f40
                                                                                                            • Instruction Fuzzy Hash: C2218170B042446FDB01DFA9CC55ADEBBE8EB88304F90847BE508E7381DA789D01CB59
                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(00000000,0000044B,00000000,?), ref: 004501FD
                                                                                                            • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 0045022E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExecuteMessageSendShell
                                                                                                            • String ID: open
                                                                                                            • API String ID: 812272486-2758837156
                                                                                                            • Opcode ID: ea446b968c091deb5619fe0c64f284e9fafe3e6cb185d1fb8701354efc215884
                                                                                                            • Instruction ID: 7f57506e0c07b49dd0b520b237e7736b759e9f4ed638734fb0c833ac5abbff07
                                                                                                            • Opcode Fuzzy Hash: ea446b968c091deb5619fe0c64f284e9fafe3e6cb185d1fb8701354efc215884
                                                                                                            • Instruction Fuzzy Hash: A1216074E00204AFDB10DFA9C896B9EBBF8EB44705F1081BAB404E7292D678DE45CA59
                                                                                                            APIs
                                                                                                            • ShellExecuteEx.SHELL32(0000003C), ref: 0045532C
                                                                                                            • GetLastError.KERNEL32(0000003C,00000000,00455375,?,?,?), ref: 0045533D
                                                                                                              • Part of subcall function 0042D8C4: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8D7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                            • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DirectoryErrorExecuteLastShellSystem
                                                                                                            • String ID: <
                                                                                                            • API String ID: 893404051-4251816714
                                                                                                            • Opcode ID: eda88bca0edbb1d4d60b2465a169ef4fc32f774dfe42a6a5e367270b0e7eae9d
                                                                                                            • Instruction ID: 92df0b2f1231c5c49ece4c570041ef31d6ed92e86db86b93cafb864a5026e18c
                                                                                                            • Opcode Fuzzy Hash: eda88bca0edbb1d4d60b2465a169ef4fc32f774dfe42a6a5e367270b0e7eae9d
                                                                                                            • Instruction Fuzzy Hash: 172167B0600609ABDB10EF65C8926AE7BE8AF44355F54403AFC44E7291D7789E49CB98
                                                                                                            APIs
                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,)), ref: 004025C7
                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0049B420,0040263D), ref: 00402630
                                                                                                              • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                                                              • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                                                              • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                                                              • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,021E7CB0,?,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                            • String ID: )
                                                                                                            • API String ID: 2227675388-1084416617
                                                                                                            • Opcode ID: e007287126da8fa7f668c9e0dd370e3762efe765c6f58c3167b97aa7cf6c64ab
                                                                                                            • Instruction ID: 77bd95ba853a3ee3b707a504883d316aad751082ca23ba06a0d8aa2ba3da16af
                                                                                                            • Opcode Fuzzy Hash: e007287126da8fa7f668c9e0dd370e3762efe765c6f58c3167b97aa7cf6c64ab
                                                                                                            • Instruction Fuzzy Hash: E11104317042046FEB15AB796F5962B6AD4D795758B24087FF404F33D2DABD8C02929C
                                                                                                            APIs
                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 004966D9
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window
                                                                                                            • String ID: /INITPROCWND=$%x $@
                                                                                                            • API String ID: 2353593579-4169826103
                                                                                                            • Opcode ID: b4f4c19a8bc55ff90c2e9b73843465f76c245e37ca3079c0cf601615490e7546
                                                                                                            • Instruction ID: 2823dcf8e8ddb1ccfa98fa5e384fb34ae0e14248cce506d77a4005fc3c11fa4c
                                                                                                            • Opcode Fuzzy Hash: b4f4c19a8bc55ff90c2e9b73843465f76c245e37ca3079c0cf601615490e7546
                                                                                                            • Instruction Fuzzy Hash: 4711A531A042089FDF01DFA4D851BAE7FE8EB48318F5144BBE504E7291DB7C9905C658
                                                                                                            APIs
                                                                                                              • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                                                              • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                                                            • SysFreeString.OLEAUT32(?), ref: 004474C6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String$AllocByteCharFreeMultiWide
                                                                                                            • String ID: NIL Interface Exception$Unknown Method
                                                                                                            • API String ID: 3952431833-1023667238
                                                                                                            • Opcode ID: 4f43f2048f3271615f10b1acac82c539bd88d3f79065c454e3b767f871ffd8a8
                                                                                                            • Instruction ID: eb0132878ffe7144b3db707554455947565e11d0cdd4dc78092451a8fec87e99
                                                                                                            • Opcode Fuzzy Hash: 4f43f2048f3271615f10b1acac82c539bd88d3f79065c454e3b767f871ffd8a8
                                                                                                            • Instruction Fuzzy Hash: 8011B9706082089FEB10DFA58C52A6EBBBCEB09704F91407AF504F7681D77C9D01CB69
                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00495FD8,?,00495FCC,00000000,00495FB3), ref: 00495F7E
                                                                                                            • CloseHandle.KERNEL32(00496018,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00495FD8,?,00495FCC,00000000), ref: 00495F95
                                                                                                              • Part of subcall function 00495E68: GetLastError.KERNEL32(00000000,00495F00,?,?,?,?), ref: 00495E8C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseCreateErrorHandleLastProcess
                                                                                                            • String ID: D
                                                                                                            • API String ID: 3798668922-2746444292
                                                                                                            • Opcode ID: 2cac3968973140c3bf288dcd51b8fea51afb9ccec72b099e887b62547fa5ce6a
                                                                                                            • Instruction ID: f27f12c2402a3b04c6ef5f500e2c30b4f6e8a0b8f5398e8f95c33b3eb070371b
                                                                                                            • Opcode Fuzzy Hash: 2cac3968973140c3bf288dcd51b8fea51afb9ccec72b099e887b62547fa5ce6a
                                                                                                            • Instruction Fuzzy Hash: FC015EB1644648AFDF05DBA2DD42E9EBBACDB08714F61003AF904E72C5D6789E048B68
                                                                                                            APIs
                                                                                                            • RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042DD78
                                                                                                            • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042DDB8
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Value$EnumQuery
                                                                                                            • String ID: Inno Setup: No Icons
                                                                                                            • API String ID: 1576479698-2016326496
                                                                                                            • Opcode ID: 36a0b08f46d91d09f38f531e186592c2a543f82488f0210131226a48688c00be
                                                                                                            • Instruction ID: 8d080c6700cf8453afd411d185ff7d2dd707f59376968ad674d2e7d16536e1ed
                                                                                                            • Opcode Fuzzy Hash: 36a0b08f46d91d09f38f531e186592c2a543f82488f0210131226a48688c00be
                                                                                                            • Instruction Fuzzy Hash: 1B012B33B55B7179FB3045256D01F7B57889B82B60F64013BF942EA2C0D6999C04936E
                                                                                                            APIs
                                                                                                              • Part of subcall function 004555E4: GetCurrentProcess.KERNEL32(00000028), ref: 004555F3
                                                                                                              • Part of subcall function 004555E4: OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004555F9
                                                                                                            • SetForegroundWindow.USER32(?), ref: 00497406
                                                                                                            Strings
                                                                                                            • Restarting Windows., xrefs: 004973E3
                                                                                                            • Not restarting Windows because Uninstall is being run from the debugger., xrefs: 00497431
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Process$CurrentForegroundOpenTokenWindow
                                                                                                            • String ID: Not restarting Windows because Uninstall is being run from the debugger.$Restarting Windows.
                                                                                                            • API String ID: 3179053593-4147564754
                                                                                                            • Opcode ID: 4193847a8af397455179383c4cf3c5e93af51966d3aee1b0e62b09f4ca4c6cf6
                                                                                                            • Instruction ID: 81a48865aaf16d48f947dda4b05133a8651c2c420a775bb83d5095b98b759fde
                                                                                                            • Opcode Fuzzy Hash: 4193847a8af397455179383c4cf3c5e93af51966d3aee1b0e62b09f4ca4c6cf6
                                                                                                            • Instruction Fuzzy Hash: 1C01B5B0618244AAEB01FB66E992B983F989B44308F80407BF5446B2D3C73C994AC75D
                                                                                                            APIs
                                                                                                              • Part of subcall function 0047CBBC: FreeLibrary.KERNEL32(6FDC0000,00481513), ref: 0047CBD2
                                                                                                              • Part of subcall function 0047C88C: GetTickCount.KERNEL32 ref: 0047C8D6
                                                                                                              • Part of subcall function 004570E0: SendMessageA.USER32(00000000,00000B01,00000000,00000000), ref: 004570FF
                                                                                                            • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,004984CB), ref: 00497BC9
                                                                                                            • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,004984CB), ref: 00497BCF
                                                                                                            Strings
                                                                                                            • Detected restart. Removing temporary directory., xrefs: 00497B83
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                                                                            • String ID: Detected restart. Removing temporary directory.
                                                                                                            • API String ID: 1717587489-3199836293
                                                                                                            • Opcode ID: edd495a3eb806bce708dfd09f75f47a0044e32d2cd5383a21bd3adb2a5963435
                                                                                                            • Instruction ID: d50bc6c630895905583a3a2fadab6dc9590d78cbbd3fad9bb3e23ee4b0713a5b
                                                                                                            • Opcode Fuzzy Hash: edd495a3eb806bce708dfd09f75f47a0044e32d2cd5383a21bd3adb2a5963435
                                                                                                            • Instruction Fuzzy Hash: C8E0E57221C7042EDA1177B7BC62A573F8CD74576C761447FF90881992C42D6810C67D
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000001.00000002.3475976619.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476238903.0000000000499000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476313629.000000000049A000.00000008.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476417727.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                             • Associated: 00000001.00000002.3476461110.00000000004AB000.00000002.00000001.01000000.00000004.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_1_2_400000_Ni2ghr9eUJ.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLastSleep
                                                                                                            • String ID:
                                                                                                            • API String ID: 1458359878-0
                                                                                                            • Opcode ID: 6f2b27bda8ca5cc9560dd93be1cc0b104f7b92667656e0278d509a2706482566
                                                                                                            • Instruction ID: f31041694d7e6b08a2ea33ec2b58b28b25921f40701f973673b956735a8b67d8
                                                                                                            • Opcode Fuzzy Hash: 6f2b27bda8ca5cc9560dd93be1cc0b104f7b92667656e0278d509a2706482566
                                                                                                            • Instruction Fuzzy Hash: 42F02B32705F58A78B21B56A889157FB2A8DB81366750012BFC0CD7313C878CC058BBC
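The function records above follow one fixed layout (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity). The Python below is an added example, not code from the Joe Sandbox report or from Joe Security: it parses that layout into structured records, separates a function's own API calls from those listed as "Part of subcall function", keeps the referenced strings with their xref addresses, and collects the Opcode ID and Instruction Fuzzy Hash so records can be matched against other samples. The embedded sample text is abridged from two records on this page (the CreateProcessA/CloseHandle function and the TerminateProcess function) with the repeated Associated dump lines dropped; the watchlist handed to hunt() is an assumed example, not something the report defines.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Section headers that open the parts of one function record in the report.
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Matches both forms the report uses:
#   "CloseHandle.KERNEL32(00496018,...,00000000), ref: 00495F95"
#   "Part of subcall function 0047C88C: GetTickCount.KERNEL32 ref: 0047C8D6"
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)
# "Detected restart. Removing temporary directory., xrefs: 00497B83"
STRING_RE = re.compile(r"^(?P<text>.*), xrefs: (?P<xref>[0-9A-Fa-f]+)$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: str                    # address of the call site
    subcall_of: Optional[str]   # callee address when listed as "Part of subcall function"


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)     # (text, xref address)
    similarity: dict = field(default_factory=dict)  # "Opcode ID", "Instruction Fuzzy Hash", ...


def parse_records(text):
    """Split report text into FunctionRecords; each record opens with an 'APIs' header."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            if line == "APIs":
                cur = FunctionRecord()
                records.append(cur)
            section = line
            continue
        if cur is None or not line.startswith("•"):
            continue
        body = line[1:].strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                args = [a for a in (m.group("args") or "").split(",") if a]
                cur.apis.append(ApiCall(m.group("api"), m.group("mod"), args,
                                        m.group("ref"), m.group("sub")))
        elif section == "Strings":
            m = STRING_RE.match(body)
            if m:
                cur.strings.append((m.group("text"), m.group("xref")))
        elif section == "Similarity":
            key, _, value = body.partition(":")
            cur.similarity[key.strip()] = value.strip()
    return records


def direct_apis(rec):
    """APIs the function calls itself; subcall entries belong to its callees."""
    return [c.api for c in rec.apis if c.subcall_of is None]


def hunt(records, watchlist):
    """(Opcode ID, matched APIs) for each record reaching a watchlisted API, directly or via a subcall."""
    hits = []
    for rec in records:
        matched = sorted({c.api for c in rec.apis} & set(watchlist))
        if matched:
            hits.append((rec.similarity.get("Opcode ID", ""), matched))
    return hits


# Abridged from two records on this page; the "Associated:" dump lines are omitted.
SAMPLE = """\
APIs
• CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00495FD8,?,00495FCC,00000000,00495FB3), ref: 00495F7E
• CloseHandle.KERNEL32(00496018,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00495FD8,?,00495FCC,00000000), ref: 00495F95
  • Part of subcall function 00495E68: GetLastError.KERNEL32(00000000,00495F00,?,?,?,?), ref: 00495E8C
Strings
Memory Dump Source
• Source File: 00000001.00000002.3476022780.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CloseCreateErrorHandleLastProcess
• String ID: D
• Opcode ID: 2cac3968973140c3bf288dcd51b8fea51afb9ccec72b099e887b62547fa5ce6a
• Instruction Fuzzy Hash: FC015EB1644648AFDF05DBA2DD42E9EBBACDB08714F61003AF904E72C5D6789E048B68
APIs
  • Part of subcall function 0047CBBC: FreeLibrary.KERNEL32(6FDC0000,00481513), ref: 0047CBD2
  • Part of subcall function 0047C88C: GetTickCount.KERNEL32 ref: 0047C8D6
  • Part of subcall function 004570E0: SendMessageA.USER32(00000000,00000B01,00000000,00000000), ref: 004570FF
• GetCurrentProcess.KERNEL32(00000001,?,?,?,?,004984CB), ref: 00497BC9
• TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,004984CB), ref: 00497BCF
Strings
• Detected restart. Removing temporary directory., xrefs: 00497B83
Similarity
• API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
• Opcode ID: edd495a3eb806bce708dfd09f75f47a0044e32d2cd5383a21bd3adb2a5963435
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for r in recs:
        print(r.similarity.get("Opcode ID"), direct_apis(r), r.strings)
    # Assumed watchlist for illustration; choose the APIs relevant to the behaviour being hunted.
    print(hunt(recs, ["CreateProcessA", "TerminateProcess", "WSAStartup"]))
```

Feeding the whole report text to parse_records() works the same way, because every function record opens with its own "APIs" header; the Opcode IDs returned by hunt() are the values to pivot on when looking for the same routine in other submissions.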

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:2.6%
                                                                                                            Dynamic/Decrypted Code Coverage:65.3%
                                                                                                            Signature Coverage:19.2%
                                                                                                            Total number of Nodes:499
                                                                                                            Total number of Limit Nodes:25
                                                                                                             execution_graph (edges grouped into call chains by entry point; hex values are virtual addresses, "N API calls" entries are collapsed subgraphs)
                                                                                                             • 2cd104d → 2ce23a4 → 2ce22a8 → 2ce22b4 __CRT_INIT@12 → 2ce7140 → 2ce749b → 2ce74bf RtlEnterCriticalSection (alternative path: 2ce74ac → 2ce7523 59 API calls 10 library calls → 2ce74b2 → 2ce74bf, or → 2ce6fed 59 API calls 3 library calls) → 2ce22bd → 2ce22ec RtlDecodePointer RtlDecodePointer → 2ce2319 → 2ce7d0d 60 API calls __cftoa_l → 2ce232b → 2ce2350 (optionally via 2ce76a9 62 API calls 2 library calls) → 2ce236a RtlEncodePointer (optionally via 2ce76a9 62 API calls 2 library calls → 2ce2364) → 2ce237c RtlEncodePointer RtlEncodePointer → 2ce22c9 → 2ce22e6 → 2ce7149 → 2ce7605 RtlLeaveCriticalSection → 2ce22eb → 2ce22db __CRT_INIT@12 → 2cd1057 → 2cd1aa9 InterlockedIncrement → 2cd1ac5 WSAStartup InterlockedExchange → 2cd105c
                                                                                                             • 2d52015 → 2d5aecb InternetReadFile
                                                                                                             • 40d801 → 40223f → 401f64 FindResourceA → 401f86 GetLastError SizeofResource → 401fa6 LoadResource LockResource GlobalAlloc → 401fd2 → 401ffb GetTickCount → 402005 GlobalAlloc → 401f9f → 402b72 (401f64 and 401f86 also exit directly to 401f9f; 40223f also goes directly to 402b72)
                                                                                                             • 40d801 → 40d80a → 40212f → 402527 VirtualAlloc → 40d3bc (40d80a also goes to 402b72)
                                                                                                             • 2d19210 → 2d3c1a3 DeleteFileA
                                                                                                             • 2cd5e4f RtlInitializeCriticalSection GetModuleHandleA GetProcAddress GetModuleHandleA GetProcAddress → 2cd42c7 → 2cd5ebc GetTickCount → 2cd59fa 59 API calls → 2cd5ed9 GetVersionExA → 2cd5f1a _memset → 2ce1fac _malloc (eight calls, through 2cd5f27, 2cd5f37, 2cd5f42, 2cd5f4d, 2cd5f58, 2cd5f63, 2cd5f6e) → 2cd5f7a 6 API calls → 2cd5fc7 _memset → 2cd5fe0 RtlEnterCriticalSection RtlLeaveCriticalSection → 2ce1fac _malloc (four calls, through 2cd601c, 2cd602a, 2cd6031) → 2cd6052 QueryPerformanceCounter Sleep → 2ce1fac _malloc (two calls, through 2cd6078) → 2cd6088 _memset
                                                                                                             • From 2cd6088 _memset (the loop node, which also loops back onto itself) the graph reaches: 2cd60f5 Sleep → 2cd60fb RtlEnterCriticalSection RtlLeaveCriticalSection; 2cd648f RtlEnterCriticalSection RtlLeaveCriticalSection → 2ce133c 66 API calls; 2ce1fac _malloc → 2cd6531 RtlEnterCriticalSection RtlLeaveCriticalSection; 2cd67e8 RtlEnterCriticalSection RtlLeaveCriticalSection; 2ce133c 66 API calls; 2cd5c02 59 API calls; 2ce1418 _sprintf 84 API calls; 2cd1ba7 210 API calls; 2cd694d RtlEnterCriticalSection → 2cd697a RtlLeaveCriticalSection → 2cd3c67 72 API calls; 2ce1fac _malloc; 2cd3d7e 64 API calls; 2cd7330 89 API calls; 2ce1f74 _free 59 API calls; 2cd7ff8 88 API calls; 2cd73df 71 API calls; 2ce27b5 _Allocate 60 API calls; 2ce1850 _swscanf 59 API calls; 2cd33b2 86 API calls; 2cd971a 73 API calls; 2cd872c 212 API calls; 2ce25e6 65 API calls _strtok; 2cd9844 60 API calls; 2cd5119 103 API calls; 2cdc10c 73 API calls; 2cd9c04 210 API calls; 2cd6765 Sleep → 2ce08f0 GetProcessHeap HeapFree → 2cd6760 shared_ptr → 2cd4100 GetProcessHeap HeapFree → 2cd6760 (2cd6760 returns to 2cd6088 or re-enters 2cd6765 Sleep)
                                                                                                             • 40d546 CopyFileA
                                                                                                             • 2d13b1a → 2d13b1d CreateFileA → 2d58b1b
                                                                                                             • 2d0cf9c SHGetSpecialFolderPathA → 2d0cfad
                                                                                                             • 403310 GetVersion → 404454 HeapCreate → 40336f → 403374 → 40342b 8 API calls; 40336f → 40337c → 404134
                                                                                                             • 403384 GetCommandLineA; 404002
61699->61741 61703 40339e 61773 403cfc 61703->61773 61705 4033a3 61706 4033a8 GetStartupInfoA 61705->61706 61786 403ca4 61706->61786 61708 4033ba GetModuleHandleA 61710 4033de 61708->61710 61791 403a4b GetCurrentProcess TerminateProcess ExitProcess 61710->61791 61712 4033e7 61792 403b20 UnhandledExceptionFilter 61712->61792 61714 4033f8 61716 404474 61715->61716 61717 4044aa 61715->61717 61793 40430c 19 API calls 61716->61793 61717->61693 61719 404479 61720 404490 61719->61720 61721 404483 61719->61721 61722 4044ad 61720->61722 61795 40507c HeapAlloc VirtualAlloc VirtualAlloc VirtualFree HeapFree 61720->61795 61794 40482b HeapAlloc 61721->61794 61722->61693 61724 40448d 61724->61722 61726 40449e HeapDestroy 61724->61726 61726->61717 61796 40344f 61727->61796 61730 404153 GetStartupInfoA 61737 404264 61730->61737 61740 40419f 61730->61740 61733 4042cb SetHandleCount 61733->61699 61734 40428b GetStdHandle 61736 404299 GetFileType 61734->61736 61734->61737 61735 40344f 12 API calls 61735->61740 61736->61737 61737->61733 61737->61734 61738 404210 61738->61737 61739 404232 GetFileType 61738->61739 61739->61738 61740->61735 61740->61737 61740->61738 61742 404050 61741->61742 61743 40401d GetEnvironmentStringsW 61741->61743 61745 404025 61742->61745 61746 404041 61742->61746 61744 404031 GetEnvironmentStrings 61743->61744 61743->61745 61744->61746 61747 403394 61744->61747 61748 404069 WideCharToMultiByte 61745->61748 61749 40405d GetEnvironmentStringsW 61745->61749 61746->61747 61750 4040e3 GetEnvironmentStrings 61746->61750 61751 4040ef 61746->61751 61764 403db5 61747->61764 61753 40409d 61748->61753 61754 4040cf FreeEnvironmentStringsW 61748->61754 61749->61747 61749->61748 61750->61747 61750->61751 61755 40344f 12 API calls 61751->61755 61756 40344f 12 API calls 61753->61756 61754->61747 61762 40410a 61755->61762 61757 4040a3 61756->61757 61757->61754 61758 4040ac WideCharToMultiByte 61757->61758 61760 4040c6 61758->61760 61761 4040bd 61758->61761 61759 404120 
FreeEnvironmentStringsA 61759->61747 61760->61754 61805 403501 61761->61805 61762->61759 61765 403dc7 61764->61765 61766 403dcc GetModuleFileNameA 61764->61766 61818 406614 19 API calls 61765->61818 61768 403def 61766->61768 61769 40344f 12 API calls 61768->61769 61770 403e10 61769->61770 61771 403e20 61770->61771 61819 403406 7 API calls 61770->61819 61771->61703 61774 403d09 61773->61774 61776 403d0e 61773->61776 61820 406614 19 API calls 61774->61820 61777 40344f 12 API calls 61776->61777 61778 403d3b 61777->61778 61779 403d4f 61778->61779 61821 403406 7 API calls 61778->61821 61783 403d92 61779->61783 61784 40344f 12 API calls 61779->61784 61822 403406 7 API calls 61779->61822 61781 403501 7 API calls 61782 403d9e 61781->61782 61782->61705 61783->61781 61784->61779 61787 403cad 61786->61787 61789 403cb2 61786->61789 61823 406614 19 API calls 61787->61823 61789->61708 61791->61712 61792->61714 61793->61719 61794->61724 61795->61724 61800 403461 61796->61800 61799 403406 7 API calls 61799->61730 61801 403468 61800->61801 61802 40345e 61800->61802 61801->61802 61804 40348d 12 API calls 61801->61804 61802->61730 61802->61799 61804->61801 61806 40350d 61805->61806 61814 403529 61805->61814 61807 403517 61806->61807 61808 40352d 61806->61808 61810 403559 HeapFree 61807->61810 61811 403523 61807->61811 61809 403558 61808->61809 61813 403547 61808->61813 61809->61810 61810->61814 61816 40489e VirtualFree VirtualFree HeapFree 61811->61816 61817 40532f VirtualFree HeapFree VirtualFree 61813->61817 61814->61760 61816->61814 61817->61814 61818->61766 61819->61771 61820->61776 61821->61779 61822->61779 61823->61789 61824 4029d0 GetLocalTime 61825 40d901 61824->61825 61828 401f27 61825->61828 61829 401f3c 61828->61829 61832 401a1d 61829->61832 61831 401f45 61833 401a2c 61832->61833 61838 401a4f CreateFileA 61833->61838 61837 401a3e 61837->61831 61839 401a35 61838->61839 61842 401a7d 61838->61842 61846 401b4b LoadLibraryA 61839->61846 61840 401a98 DeviceIoControl 61840->61842 
61842->61840 61843 401b3a CloseHandle 61842->61843 61844 401b0e GetLastError 61842->61844 61855 403106 7 API calls 61842->61855 61856 4030f8 12 API calls 61842->61856 61843->61839 61844->61842 61844->61843 61847 401c21 61846->61847 61848 401b6e GetProcAddress 61846->61848 61847->61837 61849 401c18 FreeLibrary 61848->61849 61853 401b85 61848->61853 61849->61847 61850 401b95 GetAdaptersInfo 61850->61853 61852 401c15 61852->61849 61853->61850 61853->61852 61857 403106 7 API calls 61853->61857 61858 4030f8 12 API calls 61853->61858 61855->61842 61856->61842 61857->61853 61858->61853 61859 2cde99c LoadLibraryA 61860 2cdea7f 61859->61860 61861 2cde9c5 GetProcAddress 61859->61861 61862 2cdea78 FreeLibrary 61861->61862 61864 2cde9d9 61861->61864 61862->61860 61863 2cde9eb GetAdaptersInfo 61863->61864 61864->61863 61865 2cdea73 61864->61865 61867 2ce27b5 61864->61867 61865->61862 61869 2ce27bd 61867->61869 61870 2ce27d7 61869->61870 61872 2ce27db std::exception::exception 61869->61872 61875 2ce1fac 61869->61875 61892 2ce6e63 RtlDecodePointer 61869->61892 61870->61864 61893 2ce31ba RaiseException 61872->61893 61874 2ce2805 61876 2ce2027 61875->61876 61888 2ce1fb8 61875->61888 61900 2ce6e63 RtlDecodePointer 61876->61900 61878 2ce202d 61901 2ce4abb 59 API calls __getptd_noexit 61878->61901 61881 2ce1feb RtlAllocateHeap 61881->61888 61891 2ce201f 61881->61891 61883 2ce2013 61898 2ce4abb 59 API calls __getptd_noexit 61883->61898 61887 2ce1fc3 61887->61888 61894 2ce7281 59 API calls __NMSG_WRITE 61887->61894 61895 2ce72de 59 API calls 7 library calls 61887->61895 61896 2ce6eca GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 61887->61896 61888->61881 61888->61883 61888->61887 61889 2ce2011 61888->61889 61897 2ce6e63 RtlDecodePointer 61888->61897 61899 2ce4abb 59 API calls __getptd_noexit 61889->61899 61891->61869 61892->61869 61893->61874 61894->61887 61895->61887 61897->61888 61898->61889 61899->61891 61900->61878 61901->61891 61902 4026d3 61903 4026d9 
61902->61903 61904 40de4b CreateDirectoryA 61903->61904 61905 40df2a 61904->61905 61906 2cde898 CreateFileA 61907 2cde8c9 61906->61907 61908 2cde994 61906->61908 61909 2cde8e1 DeviceIoControl 61907->61909 61910 2cde98a CloseHandle 61907->61910 61911 2cde956 GetLastError 61907->61911 61912 2ce27b5 _Allocate 60 API calls 61907->61912 61909->61907 61910->61908 61911->61907 61911->61910 61912->61907 61913 402d15 RegCreateKeyExA 61914 402d23 61913->61914 61915 2d0cfce WriteFile 61916 2d4a490 61915->61916 61917 40285f Sleep 61918 40d000 61917->61918 61919 40d0a2 61920 40da7c LoadLibraryExA 61919->61920 61921 40df6c 61920->61921 61922 402b29 61923 40dcd7 RegSetValueExA 61922->61923 61924 4024e9 lstrcmpiW 61925 40d2f0 61924->61925 61926 40272f 61927 40d9f1 CopyFileA 61926->61927 61928 40d171 61929 40d10a 61928->61929 61936 40d152 61928->61936 61930 40d24f RegQueryValueExA 61929->61930 61931 402d02 61930->61931 61932 40d25d RegOpenKeyExA 61930->61932 61933 40dca0 RegCloseKey 61931->61933 61935 40df81 61932->61935 61936->61928 61936->61930 61937 40d51f ShellExecuteExA 61936->61937 61938 40d81a GlobalFree 61937->61938 61939 40dc3c 61938->61939 61940 4026b5 61943 2ce2978 61940->61943 61944 2ce2986 61943->61944 61945 2ce2981 61943->61945 61949 2ce299b 61944->61949 61957 2ce917c GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 61945->61957 61948 4026b7 61950 2ce29a7 __CRT_INIT@12 61949->61950 61954 2ce29f5 ___DllMainCRTStartup 61950->61954 61956 2ce2a52 __CRT_INIT@12 61950->61956 61958 2ce2806 61950->61958 61952 2ce2a2f 61953 2ce2806 __CRT_INIT@12 138 API calls 61952->61953 61952->61956 61953->61956 61954->61952 61955 2ce2806 __CRT_INIT@12 138 API calls 61954->61955 61954->61956 61955->61952 61956->61948 61957->61944 61959 2ce2812 __CRT_INIT@12 61958->61959 61960 2ce281a 61959->61960 61961 2ce2894 61959->61961 62006 2ce6e46 GetProcessHeap 61960->62006 61963 2ce28fd 61961->61963 61964 2ce2898 61961->61964 61966 2ce2902 61963->61966 61967 
2ce2960 61963->61967 61969 2ce28b9 61964->61969 61996 2ce2823 __CRT_INIT@12 61964->61996 62095 2ce7009 59 API calls _doexit 61964->62095 61965 2ce281f 61965->61996 62007 2ce49f4 61965->62007 62100 2ce7d7b 61966->62100 61967->61996 62126 2ce4884 59 API calls 2 library calls 61967->62126 62096 2ce6ee0 61 API calls _free 61969->62096 61971 2ce290d 61971->61996 62103 2ce761a 61971->62103 61975 2ce28be 61978 2ce28cf __CRT_INIT@12 61975->61978 62097 2ce8e1a 60 API calls _free 61975->62097 61976 2ce282f __RTC_Initialize 61983 2ce283f GetCommandLineA 61976->61983 61976->61996 62099 2ce28e8 62 API calls __mtterm 61978->62099 61982 2ce28ca 62098 2ce4a6a 62 API calls 2 library calls 61982->62098 62028 2ce9218 GetEnvironmentStringsW 61983->62028 61987 2ce2936 61989 2ce293c 61987->61989 61990 2ce2954 61987->61990 62110 2ce4941 61989->62110 62120 2ce1f74 61990->62120 61994 2ce2859 61997 2ce285d 61994->61997 62060 2ce8e6c 61994->62060 61995 2ce2944 GetCurrentThreadId 61995->61996 61996->61954 62093 2ce4a6a 62 API calls 2 library calls 61997->62093 62001 2ce287d 62001->61996 62094 2ce8e1a 60 API calls _free 62001->62094 62006->61965 62127 2ce70b0 36 API calls 2 library calls 62007->62127 62009 2ce49f9 62128 2ce75cc InitializeCriticalSectionAndSpinCount __ioinit 62009->62128 62011 2ce49fe 62012 2ce4a02 62011->62012 62130 2ce7d3e TlsAlloc 62011->62130 62129 2ce4a6a 62 API calls 2 library calls 62012->62129 62015 2ce4a07 62015->61976 62016 2ce4a14 62016->62012 62017 2ce4a1f 62016->62017 62018 2ce761a __calloc_crt 59 API calls 62017->62018 62019 2ce4a2c 62018->62019 62020 2ce4a61 62019->62020 62131 2ce7d9a TlsSetValue 62019->62131 62132 2ce4a6a 62 API calls 2 library calls 62020->62132 62023 2ce4a66 62023->61976 62024 2ce4a40 62024->62020 62025 2ce4a46 62024->62025 62026 2ce4941 __initptd 59 API calls 62025->62026 62027 2ce4a4e GetCurrentThreadId 62026->62027 62027->61976 62030 2ce922b WideCharToMultiByte 62028->62030 62034 2ce284f 62028->62034 62031 2ce925e 62030->62031 62032 2ce9295 
FreeEnvironmentStringsW 62030->62032 62133 2ce7662 59 API calls 2 library calls 62031->62133 62032->62034 62041 2ce8b66 62034->62041 62035 2ce9264 62035->62032 62036 2ce926b WideCharToMultiByte 62035->62036 62037 2ce928a FreeEnvironmentStringsW 62036->62037 62038 2ce9281 62036->62038 62037->62034 62039 2ce1f74 _free 59 API calls 62038->62039 62040 2ce9287 62039->62040 62040->62037 62042 2ce8b72 __CRT_INIT@12 62041->62042 62043 2ce749b __lock 59 API calls 62042->62043 62044 2ce8b79 62043->62044 62045 2ce761a __calloc_crt 59 API calls 62044->62045 62046 2ce8b8a 62045->62046 62047 2ce8bf5 GetStartupInfoW 62046->62047 62048 2ce8b95 @_EH4_CallFilterFunc@8 __CRT_INIT@12 62046->62048 62054 2ce8c0a 62047->62054 62055 2ce8d39 62047->62055 62048->61994 62049 2ce8e01 62136 2ce8e11 RtlLeaveCriticalSection _doexit 62049->62136 62051 2ce761a __calloc_crt 59 API calls 62051->62054 62052 2ce8d86 GetStdHandle 62052->62055 62053 2ce8d99 GetFileType 62053->62055 62054->62051 62054->62055 62057 2ce8c58 62054->62057 62055->62049 62055->62052 62055->62053 62135 2ce7dbc InitializeCriticalSectionAndSpinCount 62055->62135 62056 2ce8c8c GetFileType 62056->62057 62057->62055 62057->62056 62134 2ce7dbc InitializeCriticalSectionAndSpinCount 62057->62134 62061 2ce8e7f GetModuleFileNameA 62060->62061 62062 2ce8e7a 62060->62062 62064 2ce8eac 62061->62064 62143 2ce3eea 71 API calls __setmbcp 62062->62143 62137 2ce8f1f 62064->62137 62066 2ce2869 62066->62001 62071 2ce909b 62066->62071 62069 2ce8ee5 62069->62066 62070 2ce8f1f _parse_cmdline 59 API calls 62069->62070 62070->62066 62072 2ce90a4 62071->62072 62074 2ce90a9 _strlen 62071->62074 62147 2ce3eea 71 API calls __setmbcp 62072->62147 62075 2ce761a __calloc_crt 59 API calls 62074->62075 62078 2ce2872 62074->62078 62083 2ce90df _strlen 62075->62083 62076 2ce9131 62077 2ce1f74 _free 59 API calls 62076->62077 62077->62078 62078->62001 62087 2ce7018 62078->62087 62079 2ce761a __calloc_crt 59 API calls 62079->62083 62080 2ce9158 62081 2ce1f74 _free 
59 API calls 62080->62081 62081->62078 62083->62076 62083->62078 62083->62079 62083->62080 62084 2ce916f 62083->62084 62148 2ce591c 59 API calls __cftoa_l 62083->62148 62149 2ce3b65 8 API calls 2 library calls 62084->62149 62086 2ce917b 62088 2ce7024 __IsNonwritableInCurrentImage 62087->62088 62150 2ceab7f 62088->62150 62090 2ce7042 __initterm_e 62091 2ce23a4 __cinit 68 API calls 62090->62091 62092 2ce7061 _doexit __IsNonwritableInCurrentImage 62090->62092 62091->62092 62092->62001 62093->61996 62094->61997 62095->61969 62096->61975 62097->61982 62098->61978 62099->61996 62101 2ce7d8e 62100->62101 62102 2ce7d92 TlsGetValue 62100->62102 62101->61971 62102->61971 62106 2ce7621 62103->62106 62105 2ce291e 62105->61996 62109 2ce7d9a TlsSetValue 62105->62109 62106->62105 62108 2ce763f 62106->62108 62153 2cee9a8 62106->62153 62108->62105 62108->62106 62161 2ce80b7 Sleep 62108->62161 62109->61987 62111 2ce494d __CRT_INIT@12 62110->62111 62112 2ce749b __lock 59 API calls 62111->62112 62113 2ce498a 62112->62113 62164 2ce49e2 62113->62164 62116 2ce749b __lock 59 API calls 62117 2ce49ab ___addlocaleref 62116->62117 62167 2ce49eb 62117->62167 62119 2ce49d6 __CRT_INIT@12 62119->61995 62121 2ce1f7d HeapFree 62120->62121 62122 2ce1fa6 _free 62120->62122 62121->62122 62123 2ce1f92 62121->62123 62122->61996 62172 2ce4abb 59 API calls __getptd_noexit 62123->62172 62125 2ce1f98 GetLastError 62125->62122 62126->61996 62127->62009 62128->62011 62129->62015 62130->62016 62131->62024 62132->62023 62133->62035 62134->62057 62135->62055 62136->62048 62139 2ce8f41 62137->62139 62142 2ce8fa5 62139->62142 62145 2ceef86 59 API calls x_ismbbtype_l 62139->62145 62140 2ce8ec2 62140->62066 62144 2ce7662 59 API calls 2 library calls 62140->62144 62142->62140 62146 2ceef86 59 API calls x_ismbbtype_l 62142->62146 62143->62061 62144->62069 62145->62139 62146->62142 62147->62074 62148->62083 62149->62086 62151 2ceab82 RtlEncodePointer 62150->62151 62151->62151 62152 2ceab9c 62151->62152 62152->62090 
62154 2cee9b3 62153->62154 62160 2cee9ce 62153->62160 62155 2cee9bf 62154->62155 62154->62160 62162 2ce4abb 59 API calls __getptd_noexit 62155->62162 62157 2cee9de RtlAllocateHeap 62158 2cee9c4 62157->62158 62157->62160 62158->62106 62160->62157 62160->62158 62163 2ce6e63 RtlDecodePointer 62160->62163 62161->62108 62162->62158 62163->62160 62170 2ce7605 RtlLeaveCriticalSection 62164->62170 62166 2ce49a4 62166->62116 62171 2ce7605 RtlLeaveCriticalSection 62167->62171 62169 2ce49f2 62169->62119 62170->62166 62171->62169 62172->62125 62173 2d1bba6 62174 2d50017 WriteFile 62173->62174 62175 2d68174 62174->62175 62176 40d03d OpenSCManagerA 62177 4028bf RegCloseKey 62178 4028c5 62177->62178

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 0 2cd5e4f-2cd60dd RtlInitializeCriticalSection GetModuleHandleA GetProcAddress GetModuleHandleA GetProcAddress call 2cd42c7 GetTickCount call 2cd59fa GetVersionExA call 2ce3750 call 2ce1fac * 8 GetProcessHeap RtlAllocateHeap GetProcessHeap RtlAllocateHeap GetProcessHeap RtlAllocateHeap call 2ce3750 * 3 RtlEnterCriticalSection RtlLeaveCriticalSection call 2ce1fac * 4 QueryPerformanceCounter Sleep call 2ce1fac * 2 call 2ce3750 * 2 45 2cd60e1-2cd60e3 0->45 46 2cd60ec-2cd60ee 45->46 47 2cd60e5-2cd60ea 45->47 48 2cd60fb-2cd6439 RtlEnterCriticalSection RtlLeaveCriticalSection 46->48 49 2cd60f0 46->49 50 2cd60f5 Sleep 47->50 54 2cd643b-2cd6441 48->54 55 2cd6455-2cd645f 48->55 49->50 50->48 57 2cd6447-2cd6454 call 2cd534d 54->57 58 2cd6443-2cd6445 54->58 55->45 56 2cd6465-2cd6489 call 2ce3750 call 2cd439c 55->56 56->45 65 2cd648f-2cd64ba RtlEnterCriticalSection RtlLeaveCriticalSection call 2ce133c 56->65 57->55 58->55 68 2cd64bc-2cd64cb call 2ce133c 65->68 69 2cd6504-2cd651c call 2ce133c 65->69 68->69 76 2cd64cd-2cd64dc call 2ce133c 68->76 74 2cd67c3-2cd67d2 call 2ce133c 69->74 75 2cd6522-2cd6524 69->75 83 2cd67d4-2cd67d6 74->83 84 2cd6817-2cd6826 call 2ce133c 74->84 75->74 78 2cd652a-2cd65d5 call 2ce1fac RtlEnterCriticalSection RtlLeaveCriticalSection call 2ce3750 * 5 call 2cd439c * 2 75->78 76->69 86 2cd64de-2cd64ed call 2ce133c 76->86 130 2cd65d7-2cd65d9 78->130 131 2cd6612 78->131 83->84 88 2cd67d8-2cd6812 call 2ce3750 RtlEnterCriticalSection RtlLeaveCriticalSection 83->88 97 2cd6828-2cd6831 call 2cd5c02 call 2cd5d10 84->97 98 2cd683b-2cd684a call 2ce133c 84->98 86->69 95 2cd64ef-2cd64fe call 2ce133c 86->95 88->45 95->45 95->69 113 2cd6836 97->113 98->45 108 2cd6850-2cd6852 98->108 108->45 111 2cd6858-2cd6871 call 2cd439c 108->111 111->45 118 2cd6877-2cd6946 call 2ce1418 call 2cd1ba7 111->118 113->45 128 2cd694d-2cd696e RtlEnterCriticalSection 
118->128 129 2cd6948 call 2cd143f 118->129 135 2cd697a-2cd69e1 RtlLeaveCriticalSection call 2cd3c67 call 2cd3d7e call 2cd7330 128->135 136 2cd6970-2cd6977 128->136 129->128 130->131 134 2cd65db-2cd65ed call 2ce133c 130->134 132 2cd6616-2cd6644 call 2ce1fac call 2ce3750 call 2cd439c 131->132 156 2cd6685-2cd668e call 2ce1f74 132->156 157 2cd6646-2cd6655 call 2ce25e6 132->157 134->131 145 2cd65ef-2cd6610 call 2cd439c 134->145 154 2cd6b49-2cd6b5d call 2cd7ff8 135->154 155 2cd69e7-2cd6a29 call 2cd971a 135->155 136->135 145->132 154->45 168 2cd6a2f-2cd6a36 155->168 169 2cd6b13-2cd6b24 call 2cd73df 155->169 166 2cd6694-2cd66ac call 2ce27b5 156->166 167 2cd67b1-2cd67be 156->167 157->156 170 2cd6657 157->170 180 2cd66ae-2cd66b6 call 2cd872c 166->180 181 2cd66b8 166->181 167->45 173 2cd6a39-2cd6a3e 168->173 175 2cd6b29-2cd6b44 call 2cd33b2 169->175 174 2cd665c-2cd666e call 2ce1850 170->174 173->173 177 2cd6a40-2cd6a85 call 2cd971a 173->177 187 2cd6670 174->187 188 2cd6673-2cd6683 call 2ce25e6 174->188 175->154 177->169 192 2cd6a8b-2cd6a91 177->192 185 2cd66ba-2cd6748 call 2cd9844 call 2cd3863 call 2cd5119 call 2cd3863 call 2cd9aea call 2cd9c04 180->185 181->185 211 2cd674d-2cd675e 185->211 187->188 188->156 188->174 195 2cd6a94-2cd6a99 192->195 195->195 197 2cd6a9b-2cd6ad6 call 2cd971a 195->197 197->169 203 2cd6ad8-2cd6b0c call 2cdc10c 197->203 207 2cd6b11-2cd6b12 203->207 207->169 212 2cd6765-2cd6790 Sleep call 2ce08f0 211->212 213 2cd6760 call 2cd380b 211->213 217 2cd679c-2cd67aa 212->217 218 2cd6792-2cd679b call 2cd4100 212->218 213->212 217->167 219 2cd67ac call 2cd380b 217->219 218->217 219->167
                                                                                                            APIs
                                                                                                            • RtlInitializeCriticalSection.NTDLL(02D04FC8), ref: 02CD5E83
                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,sprintf), ref: 02CD5E9A
                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 02CD5EA3
                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,strcat), ref: 02CD5EB2
                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 02CD5EB5
                                                                                                            • GetTickCount.KERNEL32 ref: 02CD5EC9
                                                                                                              • Part of subcall function 02CD59FA: _malloc.LIBCMT ref: 02CD5A08
                                                                                                            • GetVersionExA.KERNEL32(02D04E18), ref: 02CD5EF6
                                                                                                            • _memset.LIBCMT ref: 02CD5F15
                                                                                                            • _malloc.LIBCMT ref: 02CD5F22
                                                                                                              • Part of subcall function 02CE1FAC: __FF_MSGBANNER.LIBCMT ref: 02CE1FC3
                                                                                                              • Part of subcall function 02CE1FAC: __NMSG_WRITE.LIBCMT ref: 02CE1FCA
                                                                                                              • Part of subcall function 02CE1FAC: RtlAllocateHeap.NTDLL(008E0000,00000000,00000001), ref: 02CE1FEF
                                                                                                            • _malloc.LIBCMT ref: 02CD5F32
                                                                                                            • _malloc.LIBCMT ref: 02CD5F3D
                                                                                                            • _malloc.LIBCMT ref: 02CD5F48
                                                                                                            • _malloc.LIBCMT ref: 02CD5F53
                                                                                                            • _malloc.LIBCMT ref: 02CD5F5E
                                                                                                            • _malloc.LIBCMT ref: 02CD5F69
                                                                                                            • _malloc.LIBCMT ref: 02CD5F75
                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000004), ref: 02CD5F8C
                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02CD5F95
                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02CD5FA1
                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02CD5FA4
                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02CD5FAF
                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02CD5FB2
                                                                                                            • _memset.LIBCMT ref: 02CD5FC2
                                                                                                            • _memset.LIBCMT ref: 02CD5FCE
                                                                                                            • _memset.LIBCMT ref: 02CD5FDB
                                                                                                            • RtlEnterCriticalSection.NTDLL(02D04FC8), ref: 02CD5FE9
                                                                                                            • RtlLeaveCriticalSection.NTDLL(02D04FC8), ref: 02CD5FF6
                                                                                                            • _malloc.LIBCMT ref: 02CD6017
                                                                                                            • _malloc.LIBCMT ref: 02CD6025
                                                                                                            • _malloc.LIBCMT ref: 02CD602C
                                                                                                            • _malloc.LIBCMT ref: 02CD604D
                                                                                                            • QueryPerformanceCounter.KERNEL32(00000200), ref: 02CD6059
                                                                                                            • Sleep.KERNEL32(00000000), ref: 02CD6067
                                                                                                            • _malloc.LIBCMT ref: 02CD6073
                                                                                                            • _malloc.LIBCMT ref: 02CD6083
                                                                                                            • _memset.LIBCMT ref: 02CD6098
                                                                                                            • _memset.LIBCMT ref: 02CD60A8
                                                                                                            • Sleep.KERNEL32(0000EA60), ref: 02CD60F5
                                                                                                            • RtlEnterCriticalSection.NTDLL(02D04FC8), ref: 02CD6100
                                                                                                            • RtlLeaveCriticalSection.NTDLL(02D04FC8), ref: 02CD6111
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: _malloc$Heap$_memset$CriticalSection$Allocate$Process$AddressEnterHandleLeaveModuleProcSleep$CountCounterInitializePerformanceQueryTickVersion
                                                                                                            • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$gpt=%.8x&advizor=%d&box=%d&hp=%x&lp=%x&line=%d&os=%d.%d.%04d&flag=%d&itd=%d$ntdll.dll$sprintf$strcat
                                                                                                            • API String ID: 1856495841-1038016512
                                                                                                            • Opcode ID: 493ee05875640c0de2619770a2342c444b86df31b0063c6b718a8420951e0f58
                                                                                                            • Instruction ID: 03f54c81b636baff122474666323eed73c3d678b0997f97d1fb48a6fa95065b8
                                                                                                            • Opcode Fuzzy Hash: 493ee05875640c0de2619770a2342c444b86df31b0063c6b718a8420951e0f58
                                                                                                            • Instruction Fuzzy Hash: CA71AFB1D48380AFD710AF74A849F5B7FD8AF89300F550919F78997390DBB858148BD6

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 689 401b4b-401b68 LoadLibraryA 690 401c21-401c25 689->690 691 401b6e-401b7f GetProcAddress 689->691 692 401b85-401b8e 691->692 693 401c18-401c1b FreeLibrary 691->693 694 401b95-401ba5 GetAdaptersInfo 692->694 693->690 695 401ba7-401bb0 694->695 696 401bdb-401be3 694->696 699 401bc1-401bd7 call 403120 call 4018cc 695->699 700 401bb2-401bb6 695->700 697 401be5-401beb call 403106 696->697 698 401bec-401bf0 696->698 697->698 702 401bf2-401bf6 698->702 703 401c15-401c17 698->703 699->696 700->696 704 401bb8-401bbf 700->704 702->703 708 401bf8-401bfb 702->708 703->693 704->699 704->700 710 401c06-401c13 call 4030f8 708->710 711 401bfd-401c03 708->711 710->694 710->703 711->710
                                                                                                            APIs
                                                                                                            • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 00401B5D
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 00401B74
                                                                                                            • GetAdaptersInfo.IPHLPAPI(?,00000400), ref: 00401B9D
                                                                                                            • FreeLibrary.KERNEL32(00401A3E), ref: 00401C1B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Library$AdaptersAddressFreeInfoLoadProc
                                                                                                            • String ID: GetAdaptersInfo$iphlpapi.dll$o
                                                                                                            • API String ID: 514930453-3667123677
                                                                                                            • Opcode ID: a648eded5dba78bf16f4a137e2c2b6b7b052dc293c02733a72e5b458839b5e0e
                                                                                                            • Instruction ID: a9f54c968f2091474e8feb0d981771773be25d9c6ef5ebc30493122ab1168d3f
                                                                                                            • Opcode Fuzzy Hash: a648eded5dba78bf16f4a137e2c2b6b7b052dc293c02733a72e5b458839b5e0e
                                                                                                            • Instruction Fuzzy Hash: E821B870904209AEDF219F65C9447EF7FB8EF45345F0440BAE604B62A1E7389A85CB69

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 763 2cde99c-2cde9bf LoadLibraryA 764 2cdea7f-2cdea86 763->764 765 2cde9c5-2cde9d3 GetProcAddress 763->765 766 2cde9d9-2cde9e9 765->766 767 2cdea78-2cdea79 FreeLibrary 765->767 768 2cde9eb-2cde9f7 GetAdaptersInfo 766->768 767->764 769 2cdea2f-2cdea37 768->769 770 2cde9f9 768->770 771 2cdea39-2cdea3f call 2ce26cf 769->771 772 2cdea40-2cdea45 769->772 773 2cde9fb-2cdea02 770->773 771->772 775 2cdea47-2cdea4a 772->775 776 2cdea73-2cdea77 772->776 777 2cdea0c-2cdea14 773->777 778 2cdea04-2cdea08 773->778 775->776 780 2cdea4c-2cdea51 775->780 776->767 782 2cdea17-2cdea1c 777->782 778->773 781 2cdea0a 778->781 783 2cdea5e-2cdea69 call 2ce27b5 780->783 784 2cdea53-2cdea5b 780->784 781->769 782->782 785 2cdea1e-2cdea2b call 2cde6eb 782->785 783->776 790 2cdea6b-2cdea6e 783->790 784->783 785->769 790->768
                                                                                                            APIs
                                                                                                            • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 02CDE9B2
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 02CDE9CB
                                                                                                            • GetAdaptersInfo.IPHLPAPI(?,?), ref: 02CDE9F0
                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 02CDEA79
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Library$AdaptersAddressFreeInfoLoadProc
                                                                                                            • String ID: GetAdaptersInfo$iphlpapi.dll
                                                                                                            • API String ID: 514930453-3114217049
                                                                                                            • Opcode ID: 09a48feba0cb8bc8a0738013039b77773101e0b9aa99001b4369b94f9c37edae
                                                                                                            • Instruction ID: d5f239d8a2bafe5df91ea430d0da89b20be03f06252b23d2d9f419a1743d3e9d
                                                                                                            • Opcode Fuzzy Hash: 09a48feba0cb8bc8a0738013039b77773101e0b9aa99001b4369b94f9c37edae
                                                                                                            • Instruction Fuzzy Hash: 4221E675E4420A9BDB10EBA9C8807EEBFB8AF45304F140169E709EB201D7309E45CBA4

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 848 2cde898-2cde8c3 CreateFileA 849 2cde8c9-2cde8de 848->849 850 2cde994-2cde99b 848->850 851 2cde8e1-2cde903 DeviceIoControl 849->851 852 2cde93c-2cde944 851->852 853 2cde905-2cde90d 851->853 856 2cde94d-2cde94f 852->856 857 2cde946-2cde94c call 2ce26cf 852->857 854 2cde90f-2cde914 853->854 855 2cde916-2cde91b 853->855 854->852 855->852 861 2cde91d-2cde925 855->861 859 2cde98a-2cde993 CloseHandle 856->859 860 2cde951-2cde954 856->860 857->856 859->850 863 2cde956-2cde95f GetLastError 860->863 864 2cde970-2cde97d call 2ce27b5 860->864 865 2cde928-2cde92d 861->865 863->859 866 2cde961-2cde964 863->866 864->859 872 2cde97f-2cde985 864->872 865->865 868 2cde92f-2cde93b call 2cde6eb 865->868 866->864 869 2cde966-2cde96d 866->869 868->852 869->864 872->851
                                                                                                            APIs
                                                                                                            • CreateFileA.KERNEL32(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 02CDE8B7
                                                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000400,?,00000000), ref: 02CDE8F5
                                                                                                            • GetLastError.KERNEL32 ref: 02CDE956
                                                                                                            • CloseHandle.KERNEL32(?), ref: 02CDE98D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CloseControlCreateDeviceErrorFileHandleLast
                                                                                                            • String ID: \\.\PhysicalDrive0
                                                                                                            • API String ID: 4026078076-1180397377
                                                                                                            • Opcode ID: 37cc2cd5fc96f17e1844abc3f3c03fa71d7619d50f3035435f005a8c155870bf
                                                                                                            • Instruction ID: 8a7bdc7505860dae59bb54904785395eba8c76991f324ed210b000c68a352ca8
                                                                                                            • Opcode Fuzzy Hash: 37cc2cd5fc96f17e1844abc3f3c03fa71d7619d50f3035435f005a8c155870bf
                                                                                                            • Instruction Fuzzy Hash: EA31CE71D01219EBDB64DF94D884BEEBBB8EF44754F24416AE605AB280D7B05B01CBE0

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 874 401a4f-401a77 CreateFileA 875 401b45-401b4a 874->875 876 401a7d-401a91 874->876 877 401a98-401ac0 DeviceIoControl 876->877 878 401ac2-401aca 877->878 879 401af3-401afb 877->879 880 401ad4-401ad9 878->880 881 401acc-401ad2 878->881 882 401b04-401b07 879->882 883 401afd-401b03 call 403106 879->883 880->879 884 401adb-401af1 call 403120 call 4018cc 880->884 881->879 886 401b09-401b0c 882->886 887 401b3a-401b44 CloseHandle 882->887 883->882 884->879 890 401b27-401b34 call 4030f8 886->890 891 401b0e-401b17 GetLastError 886->891 887->875 890->877 890->887 891->887 894 401b19-401b1c 891->894 894->890 897 401b1e-401b24 894->897 897->890
                                                                                                            APIs
                                                                                                            • CreateFileA.KERNEL32(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 00401A6B
                                                                                                            • DeviceIoControl.KERNEL32(?,002D1400,?,0000000C,?,00000400,00000400,00000000), ref: 00401AB2
                                                                                                            • GetLastError.KERNEL32 ref: 00401B0E
                                                                                                            • CloseHandle.KERNEL32(?), ref: 00401B3D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseControlCreateDeviceErrorFileHandleLast
                                                                                                            • String ID: \\.\PhysicalDrive0
                                                                                                            • API String ID: 4026078076-1180397377
                                                                                                            • Opcode ID: 5b2aa4f6f1db506efa266d4c362af4cf52cfeed2701d30c33ae5bfe5944f1550
                                                                                                            • Instruction ID: ae54cd8959710a424601ffd4623f532e2396a469a493930b182490efebea7a61
                                                                                                            • Opcode Fuzzy Hash: 5b2aa4f6f1db506efa266d4c362af4cf52cfeed2701d30c33ae5bfe5944f1550
                                                                                                            • Instruction Fuzzy Hash: 50318D71D01118EECB21EF95CD809EFBBB8EF45750F20807AE514B22A0E7785E45CB98
                                                                                                            APIs
                                                                                                            • InterlockedIncrement.KERNEL32(?), ref: 02CD36A7
                                                                                                              • Part of subcall function 02CD2420: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02CD2432
                                                                                                              • Part of subcall function 02CD2420: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02CD2445
                                                                                                              • Part of subcall function 02CD2420: RtlEnterCriticalSection.NTDLL(?), ref: 02CD2454
                                                                                                              • Part of subcall function 02CD2420: InterlockedExchange.KERNEL32(?,00000001), ref: 02CD2469
                                                                                                              • Part of subcall function 02CD2420: RtlLeaveCriticalSection.NTDLL(?), ref: 02CD2470
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Interlocked$CriticalExchangeSection$CompareCompletionEnterIncrementLeavePostQueuedStatus
                                                                                                            • String ID:
                                                                                                            • API String ID: 1601054111-0
                                                                                                            • Opcode ID: b35c94274038a6c02aec5ae5df44e78faa4926d15af22feb05f7aad64cda023b
                                                                                                            • Instruction ID: 525e42deea7a4a78b52362ce8a2aceda29347f88cb2fb4935213ffda5ee51805
                                                                                                            • Opcode Fuzzy Hash: b35c94274038a6c02aec5ae5df44e78faa4926d15af22feb05f7aad64cda023b
                                                                                                            • Instruction Fuzzy Hash: 6011C4B6100648ABDF219E14CD45FAB3BA5EF44394F104556FF518B290CB74E960CF95

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 223 2cd633e-2cd634f 224 2cd6350-2cd6359 223->224 225 2cd635d-2cd637c 224->225 225->223 226 2cd637e-2cd6398 225->226 227 2cd63a9-2cd63b4 226->227 228 2cd639a-2cd63a8 226->228 227->224 229 2cd63b6-2cd63ca 227->229 228->227 229->225 230 2cd63cc-2cd63dd 229->230 231 2cd641d-2cd6439 230->231 232 2cd63df-2cd63f0 230->232 233 2cd643b-2cd6441 231->233 234 2cd6455-2cd645f 231->234 232->231 237 2cd6447-2cd6454 call 2cd534d 233->237 238 2cd6443-2cd6445 233->238 235 2cd6465-2cd6489 call 2ce3750 call 2cd439c 234->235 236 2cd60e1-2cd60e3 234->236 235->236 251 2cd648f-2cd64ba RtlEnterCriticalSection RtlLeaveCriticalSection call 2ce133c 235->251 240 2cd60ec-2cd60ee 236->240 241 2cd60e5-2cd60ea 236->241 237->234 238->234 244 2cd60fb-2cd641b RtlEnterCriticalSection RtlLeaveCriticalSection 240->244 245 2cd60f0 240->245 246 2cd60f5 Sleep 241->246 244->231 245->246 246->244 255 2cd64bc-2cd64cb call 2ce133c 251->255 256 2cd6504-2cd651c call 2ce133c 251->256 255->256 263 2cd64cd-2cd64dc call 2ce133c 255->263 261 2cd67c3-2cd67d2 call 2ce133c 256->261 262 2cd6522-2cd6524 256->262 270 2cd67d4-2cd67d6 261->270 271 2cd6817-2cd6826 call 2ce133c 261->271 262->261 265 2cd652a-2cd65d5 call 2ce1fac RtlEnterCriticalSection RtlLeaveCriticalSection call 2ce3750 * 5 call 2cd439c * 2 262->265 263->256 273 2cd64de-2cd64ed call 2ce133c 263->273 317 2cd65d7-2cd65d9 265->317 318 2cd6612 265->318 270->271 275 2cd67d8-2cd6812 call 2ce3750 RtlEnterCriticalSection RtlLeaveCriticalSection 270->275 284 2cd6828-2cd6836 call 2cd5c02 call 2cd5d10 271->284 285 2cd683b-2cd684a call 2ce133c 271->285 273->256 282 2cd64ef-2cd64fe call 2ce133c 273->282 275->236 282->236 282->256 284->236 285->236 295 2cd6850-2cd6852 285->295 295->236 298 2cd6858-2cd6871 call 2cd439c 295->298 298->236 305 2cd6877-2cd6946 call 2ce1418 call 2cd1ba7 298->305 315 2cd694d-2cd696e RtlEnterCriticalSection 305->315 316 2cd6948 call 2cd143f 305->316 322 2cd697a-2cd69e1 RtlLeaveCriticalSection call 2cd3c67 call 2cd3d7e call 2cd7330 315->322 323 2cd6970-2cd6977 315->323 316->315 317->318 321 2cd65db-2cd65ed call 2ce133c 317->321 319 2cd6616-2cd6644 call 2ce1fac call 2ce3750 call 2cd439c 318->319 343 2cd6685-2cd668e call 2ce1f74 319->343 344 2cd6646-2cd6655 call 2ce25e6 319->344 321->318 332 2cd65ef-2cd6610 call 2cd439c 321->332 341 2cd6b49-2cd6b5d call 2cd7ff8 322->341 342 2cd69e7-2cd6a29 call 2cd971a 322->342 323->322 332->319 341->236 355 2cd6a2f-2cd6a36 342->355 356 2cd6b13-2cd6b44 call 2cd73df call 2cd33b2 342->356 353 2cd6694-2cd66ac call 2ce27b5 343->353 354 2cd67b1-2cd67be 343->354 344->343 357 2cd6657 344->357 367 2cd66ae-2cd66b6 call 2cd872c 353->367 368 2cd66b8 353->368 354->236 360 2cd6a39-2cd6a3e 355->360 356->341 361 2cd665c-2cd666e call 2ce1850 357->361 360->360 364 2cd6a40-2cd6a85 call 2cd971a 360->364 374 2cd6670 361->374 375 2cd6673-2cd6683 call 2ce25e6 361->375 364->356 379 2cd6a8b-2cd6a91 364->379 372 2cd66ba-2cd675e call 2cd9844 call 2cd3863 call 2cd5119 call 2cd3863 call 2cd9aea call 2cd9c04 367->372 368->372 399 2cd6765-2cd6790 Sleep call 2ce08f0 372->399 400 2cd6760 call 2cd380b 372->400 374->375 375->343 375->361 382 2cd6a94-2cd6a99 379->382 382->382 384 2cd6a9b-2cd6ad6 call 2cd971a 382->384 384->356 390 2cd6ad8-2cd6b12 call 2cdc10c 384->390 390->356 404 2cd679c-2cd67aa 399->404 405 2cd6792-2cd679b call 2cd4100 399->405 400->399 404->354 406 2cd67ac call 2cd380b 404->406 405->404 406->354
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $%d;$<htm$Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$auth_ip$auth_swith$block$connect$disconnect$idle$updips$updurls
                                                                                                            • API String ID: 0-2823103634
                                                                                                            • Opcode ID: ffb07856d04de14469ef2108499681487faab9b19d096d2ef26d73bb9e69a9f9
                                                                                                            • Instruction ID: 542b783b6ad90c63e80b6fd663e3908de94b679891ade7b463d9bab6c920b85a
                                                                                                            • Opcode Fuzzy Hash: ffb07856d04de14469ef2108499681487faab9b19d096d2ef26d73bb9e69a9f9
                                                                                                            • Instruction Fuzzy Hash: AC2268712483819FD734DB24E841BAF7BE9AFC5314F14491EE68A97281EB709905CB92

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 410 2cd63f9-2cd6439 413 2cd643b-2cd6441 410->413 414 2cd6455-2cd645f 410->414 417 2cd6447-2cd6454 call 2cd534d 413->417 418 2cd6443-2cd6445 413->418 415 2cd6465-2cd6489 call 2ce3750 call 2cd439c 414->415 416 2cd60e1-2cd60e3 414->416 415->416 430 2cd648f-2cd64ba RtlEnterCriticalSection RtlLeaveCriticalSection call 2ce133c 415->430 420 2cd60ec-2cd60ee 416->420 421 2cd60e5-2cd60ea 416->421 417->414 418->414 424 2cd60fb-2cd612a RtlEnterCriticalSection RtlLeaveCriticalSection 420->424 425 2cd60f0 420->425 426 2cd60f5 Sleep 421->426 424->410 425->426 426->424 433 2cd64bc-2cd64cb call 2ce133c 430->433 434 2cd6504-2cd651c call 2ce133c 430->434 433->434 441 2cd64cd-2cd64dc call 2ce133c 433->441 439 2cd67c3-2cd67d2 call 2ce133c 434->439 440 2cd6522-2cd6524 434->440 448 2cd67d4-2cd67d6 439->448 449 2cd6817-2cd6826 call 2ce133c 439->449 440->439 443 2cd652a-2cd65d5 call 2ce1fac RtlEnterCriticalSection RtlLeaveCriticalSection call 2ce3750 * 5 call 2cd439c * 2 440->443 441->434 451 2cd64de-2cd64ed call 2ce133c 441->451 495 2cd65d7-2cd65d9 443->495 496 2cd6612 443->496 448->449 453 2cd67d8-2cd6812 call 2ce3750 RtlEnterCriticalSection RtlLeaveCriticalSection 448->453 462 2cd6828-2cd6836 call 2cd5c02 call 2cd5d10 449->462 463 2cd683b-2cd684a call 2ce133c 449->463 451->434 460 2cd64ef-2cd64fe call 2ce133c 451->460 453->416 460->416 460->434 462->416 463->416 473 2cd6850-2cd6852 463->473 473->416 476 2cd6858-2cd6871 call 2cd439c 473->476 476->416 483 2cd6877-2cd6946 call 2ce1418 call 2cd1ba7 476->483 493 2cd694d-2cd696e RtlEnterCriticalSection 483->493 494 2cd6948 call 2cd143f 483->494 500 2cd697a-2cd69e1 RtlLeaveCriticalSection call 2cd3c67 call 2cd3d7e call 2cd7330 493->500 501 2cd6970-2cd6977 493->501 494->493 495->496 499 2cd65db-2cd65ed call 2ce133c 495->499 497 2cd6616-2cd6644 call 2ce1fac call 2ce3750 call 2cd439c 496->497 521 2cd6685-2cd668e call 2ce1f74 497->521 522 2cd6646-2cd6655 call 2ce25e6 497->522 499->496 510 2cd65ef-2cd6610 call 2cd439c 499->510 519 2cd6b49-2cd6b5d call 2cd7ff8 500->519 520 2cd69e7-2cd6a29 call 2cd971a 500->520 501->500 510->497 519->416 533 2cd6a2f-2cd6a36 520->533 534 2cd6b13-2cd6b44 call 2cd73df call 2cd33b2 520->534 531 2cd6694-2cd66ac call 2ce27b5 521->531 532 2cd67b1-2cd67be 521->532 522->521 535 2cd6657 522->535 545 2cd66ae-2cd66b6 call 2cd872c 531->545 546 2cd66b8 531->546 532->416 538 2cd6a39-2cd6a3e 533->538 534->519 539 2cd665c-2cd666e call 2ce1850 535->539 538->538 542 2cd6a40-2cd6a85 call 2cd971a 538->542 552 2cd6670 539->552 553 2cd6673-2cd6683 call 2ce25e6 539->553 542->534 557 2cd6a8b-2cd6a91 542->557 550 2cd66ba-2cd675e call 2cd9844 call 2cd3863 call 2cd5119 call 2cd3863 call 2cd9aea call 2cd9c04 545->550 546->550 577 2cd6765-2cd6790 Sleep call 2ce08f0 550->577 578 2cd6760 call 2cd380b 550->578 552->553 553->521 553->539 560 2cd6a94-2cd6a99 557->560 560->560 562 2cd6a9b-2cd6ad6 call 2cd971a 560->562 562->534 568 2cd6ad8-2cd6b12 call 2cdc10c 562->568 568->534 582 2cd679c-2cd67aa 577->582 583 2cd6792-2cd679b call 2cd4100 577->583 578->577 582->532 584 2cd67ac call 2cd380b 582->584 583->582 584->532
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: _memset$CriticalSection$EnterLeave_malloc_strtok$_free_swscanf
                                                                                                            • String ID: <htm$Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$auth_ip$auth_swith$block$connect$disconnect$idle$updips$updurls
                                                                                                            • API String ID: 3441009308-1437582238
                                                                                                            • Opcode ID: d173bac0036c9adda28092a2b4e24215e11c427bb65568dbed5030ab937396a9
                                                                                                            • Instruction ID: dcba83a6c41a84333de3dc0be5b482cd3e07d37cec3d89a052166d2969950ef0
                                                                                                            • Opcode Fuzzy Hash: d173bac0036c9adda28092a2b4e24215e11c427bb65568dbed5030ab937396a9
                                                                                                            • Instruction Fuzzy Hash: 43A145316483415BEB24AB34EC41B6F7BEA9FC6724F24041DF78A97381DB719900DB96

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02CD1D11
                                                                                                            • GetLastError.KERNEL32 ref: 02CD1D23
                                                                                                              • Part of subcall function 02CD1712: __EH_prolog.LIBCMT ref: 02CD1717
                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02CD1D59
                                                                                                            • GetLastError.KERNEL32 ref: 02CD1D6B
                                                                                                            • __beginthreadex.LIBCMT ref: 02CD1DB1
                                                                                                            • GetLastError.KERNEL32 ref: 02CD1DC6
                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02CD1DDD
                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02CD1DEC
                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02CD1E14
                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02CD1E1B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CloseErrorHandleLast$CreateEvent$H_prologObjectSingleWait__beginthreadex
                                                                                                            • String ID: thread$thread.entry_event$thread.exit_event
                                                                                                            • API String ID: 831262434-3017686385
                                                                                                            • Opcode ID: c980d4d5d6175a0ff33ab621917463eda6f387763fb707a01df657213bffd4f8
                                                                                                            • Instruction ID: 6961020d64520759c3bc138b2f3c757379b483ad81756d0538d779fd013e83c2
                                                                                                            • Opcode Fuzzy Hash: c980d4d5d6175a0ff33ab621917463eda6f387763fb707a01df657213bffd4f8
                                                                                                            • Instruction Fuzzy Hash: 76315C71A003019FD700EF24C848B2BBBA9FF84791F15492EFA598B290DB709949CFD2

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 02CD4D8B
                                                                                                            • RtlEnterCriticalSection.NTDLL(02D04FC8), ref: 02CD4DB7
                                                                                                            • RtlLeaveCriticalSection.NTDLL(02D04FC8), ref: 02CD4DC3
                                                                                                              • Part of subcall function 02CD4BED: __EH_prolog.LIBCMT ref: 02CD4BF2
                                                                                                              • Part of subcall function 02CD4BED: InterlockedExchange.KERNEL32(?,00000000), ref: 02CD4CF2
                                                                                                            • RtlEnterCriticalSection.NTDLL(02D04FC8), ref: 02CD4E93
                                                                                                            • RtlLeaveCriticalSection.NTDLL(02D04FC8), ref: 02CD4E99
                                                                                                            • RtlEnterCriticalSection.NTDLL(02D04FC8), ref: 02CD4EA0
                                                                                                            • RtlLeaveCriticalSection.NTDLL(02D04FC8), ref: 02CD4EA6
                                                                                                            • RtlEnterCriticalSection.NTDLL(02D04FC8), ref: 02CD50A7
                                                                                                            • RtlLeaveCriticalSection.NTDLL(02D04FC8), ref: 02CD50AD
                                                                                                            • RtlEnterCriticalSection.NTDLL(02D04FC8), ref: 02CD50B8
                                                                                                            • RtlLeaveCriticalSection.NTDLL(02D04FC8), ref: 02CD50C1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$EnterLeave$H_prolog$ExchangeInterlocked
                                                                                                            • String ID:
                                                                                                            • API String ID: 2062355503-0
                                                                                                            • Opcode ID: fc0096c1612f2affca096f016c6eb44b0717ad378b04d51142e033f940fc98d8
                                                                                                            • Instruction ID: f0e2d243e6c1ff3141e750cce7ffbd51229f01c0e46069d24d77e240560460af
                                                                                                            • Opcode Fuzzy Hash: fc0096c1612f2affca096f016c6eb44b0717ad378b04d51142e033f940fc98d8
                                                                                                            • Instruction Fuzzy Hash: 04B15871D0025DAFEF25DFA0D880BEEBBB5AF44304F10415AE60566280DBB46A89DFA1

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,0000000A), ref: 00401F7A
                                                                                                            • GetLastError.KERNEL32 ref: 00401F86
                                                                                                            • SizeofResource.KERNEL32(00000000), ref: 00401F93
                                                                                                            • LoadResource.KERNEL32(00000000), ref: 00401FAD
                                                                                                            • LockResource.KERNEL32(00000000), ref: 00401FB4
                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000000), ref: 00401FBF
                                                                                                            • GetTickCount.KERNEL32 ref: 00401FFB
                                                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00402061
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$AllocGlobal$CountErrorFindLastLoadLockSizeofTick
                                                                                                            • String ID:
                                                                                                            • API String ID: 564119183-0
                                                                                                            • Opcode ID: 4b406982c55cd146a53e35bcfe0d224a47769fdd51ac53a5645699cce47c5184
                                                                                                            • Instruction ID: b01298f5e92dfabffd3260d40ec81ee59ee3d80feb476c4020a7475af27d6630
                                                                                                            • Opcode Fuzzy Hash: 4b406982c55cd146a53e35bcfe0d224a47769fdd51ac53a5645699cce47c5184
                                                                                                            • Instruction Fuzzy Hash: 60315C32900255EFDB105FB89F8896F7B68EF45344B10807AFA86F7281DA748941C7A8

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • RtlEnterCriticalSection.NTDLL(?), ref: 02CD2706
                                                                                                            • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02CD272B
                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02CF3163), ref: 02CD2738
                                                                                                              • Part of subcall function 02CD1712: __EH_prolog.LIBCMT ref: 02CD1717
                                                                                                            • SetWaitableTimer.KERNEL32(?,?,000493E0,00000000,00000000,00000000), ref: 02CD2778
                                                                                                            • RtlLeaveCriticalSection.NTDLL(?), ref: 02CD27D9
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                                                                            • String ID: timer
                                                                                                            • API String ID: 4293676635-1792073242
                                                                                                            • Opcode ID: 168dd7703458e04597c7407d1108c7ea78615372e319a0bbc837e897f2a951df
                                                                                                            • Instruction ID: 8e75997b15132e913751e6d78ff865a2433562fdc07162d9df6bd496bf43ebbb
                                                                                                            • Opcode Fuzzy Hash: 168dd7703458e04597c7407d1108c7ea78615372e319a0bbc837e897f2a951df
                                                                                                            • Instruction Fuzzy Hash: 8F31C1B1904701AFD350DF65D884B26BBE8FB48764F014A2EFA5583A80D770D900CFD2

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • WSASetLastError.WS2_32(00000000), ref: 02CD2BE4
                                                                                                            • WSARecv.WS2_32(?,?,?,?,?,00000000,00000000), ref: 02CD2C07
                                                                                                              • Part of subcall function 02CD94FE: WSAGetLastError.WS2_32(00000000,?,?,02CD2A51), ref: 02CD950C
                                                                                                            • WSASetLastError.WS2_32 ref: 02CD2CD3
                                                                                                            • select.WS2_32(?,?,00000000,00000000,00000000), ref: 02CD2CE7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$Recvselect
                                                                                                            • String ID: 3'
                                                                                                            • API String ID: 886190287-280543908
                                                                                                            • Opcode ID: 8700c40c90b8f34f46b1c4eab8b060c24af3a4eb48be98c6766b61b69561d911
                                                                                                            • Instruction ID: d08436c8fa19e93050e36fbe642199ed78a211073e884d81605cca709a2cfccb
                                                                                                            • Opcode Fuzzy Hash: 8700c40c90b8f34f46b1c4eab8b060c24af3a4eb48be98c6766b61b69561d911
                                                                                                            • Instruction Fuzzy Hash: 2F418BB1A083019FD7109F74C81476BBBE9AF84394F144D1EEADA87281EBB0D940CB92

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 02CD1BAC
                                                                                                            • RtlEnterCriticalSection.NTDLL ref: 02CD1BBC
                                                                                                            • RtlLeaveCriticalSection.NTDLL ref: 02CD1BEA
                                                                                                            • RtlEnterCriticalSection.NTDLL ref: 02CD1C13
                                                                                                            • RtlLeaveCriticalSection.NTDLL ref: 02CD1C56
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$EnterLeave$H_prolog
                                                                                                            • String ID:
                                                                                                            • API String ID: 1633115879-0
                                                                                                            • Opcode ID: 7ff270b2ee6ffe3180e7cff150c9b6eb15e11441a64b7a31aeb8347b71606016
                                                                                                            • Instruction ID: a5aa62a723df4a2826958bf3e0e64ccddd27745546d2c032d029b912a9a4baa4
                                                                                                            • Opcode Fuzzy Hash: 7ff270b2ee6ffe3180e7cff150c9b6eb15e11441a64b7a31aeb8347b71606016
                                                                                                            • Instruction Fuzzy Hash: 4521BCB5A00604EFDB14CF68D444B9ABBB5FF88314F158949EE1997301D7B1EA05CBE0

                                                                                                            Control-flow Graph

                                                                                                            APIs
                                                                                                            • RegQueryValueExA.KERNEL32(?,Common AppData), ref: 0040D24F
                                                                                                            Strings
                                                                                                            • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 0040D1A4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: QueryValue
                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                                            • API String ID: 3660427363-2036018995
                                                                                                            • Opcode ID: d1409ce8a04974f07b35f483d05f6e81119043874a569f1d7135be82ee309a1c
                                                                                                            • Instruction ID: 78f1f3d2651f8922f1f2a01d89227eb1346f92508422d736d25cd9280e2fc7e1
                                                                                                            • Opcode Fuzzy Hash: d1409ce8a04974f07b35f483d05f6e81119043874a569f1d7135be82ee309a1c
                                                                                                            • Instruction Fuzzy Hash: 21317B32C086559BD7118F70DE843E67BB5EF45360F14863AC892B72E2C73A590ED798

                                                                                                            Control-flow Graph

                                                                                                            Strings
                                                                                                            • Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US), xrefs: 02CD611A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                                                            • API String ID: 0-1923541051
                                                                                                            • Opcode ID: 190a3cbcdc8fbf1d853a8a62d7e2cc4e3f1445aed9b4733f4650281f7ddb3a46
                                                                                                            • Instruction ID: c49c948adddeb8919a5710bd07a04269f480498ba469883c02423b37bd0def82
                                                                                                            • Opcode Fuzzy Hash: 190a3cbcdc8fbf1d853a8a62d7e2cc4e3f1445aed9b4733f4650281f7ddb3a46
                                                                                                            • Instruction Fuzzy Hash: 6D21783218D3809FD302DF70A94469A7FA4EB46204B95069ED7C58F2A3DB21D40AC7D1
                                                                                                            APIs
                                                                                                            • GetVersion.KERNEL32 ref: 00403336
                                                                                                              • Part of subcall function 00404454: HeapCreate.KERNEL32(00000000,00001000,00000000,0040336F,00000000), ref: 00404465
                                                                                                              • Part of subcall function 00404454: HeapDestroy.KERNEL32 ref: 004044A4
                                                                                                            • GetCommandLineA.KERNEL32 ref: 00403384
                                                                                                            • GetStartupInfoA.KERNEL32(?), ref: 004033AF
                                                                                                            • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004033D2
                                                                                                              • Part of subcall function 0040342B: ExitProcess.KERNEL32 ref: 00403448
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                                                                            • String ID:
                                                                                                            • API String ID: 2057626494-0
                                                                                                            • Opcode ID: b08ae2b8b777e4e577008e5565d37e94f80acee913e276c938b9cc00b58d7c54
                                                                                                            • Instruction ID: a936b3102d24e78b19d7c169988c3063d29dd1dd2c17feae02d4b7387c8d63d1
                                                                                                            • Opcode Fuzzy Hash: b08ae2b8b777e4e577008e5565d37e94f80acee913e276c938b9cc00b58d7c54
                                                                                                            • Instruction Fuzzy Hash: 172183B1900615AED704AFB5DE45A6E7F68EF44705F10413EF901B72D2DB385900CB58
                                                                                                            APIs
                                                                                                            • WSASetLastError.WS2_32(00000000), ref: 02CD2EEE
                                                                                                            • WSASocketA.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02CD2EFD
                                                                                                            • WSAGetLastError.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02CD2F0C
                                                                                                            • setsockopt.WS2_32(00000000,00000029,0000001B,00000000,00000004), ref: 02CD2F36
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$Socketsetsockopt
                                                                                                            • String ID:
                                                                                                            • API String ID: 2093263913-0
                                                                                                            • Opcode ID: 9f976c59da6a581f81e43e97d4f5f0765b1881f0cd712e448f55af67aac56ab6
                                                                                                            • Instruction ID: 424329c5a37982952a5feed4c62244c34ab6caeb67e1de13b81e6ac7666eab36
                                                                                                            • Opcode Fuzzy Hash: 9f976c59da6a581f81e43e97d4f5f0765b1881f0cd712e448f55af67aac56ab6
                                                                                                            • Instruction Fuzzy Hash: 70018871A00214BBDB205F65DC48B5B7BA9EB857B1F00CA69FB19CB141D77189008BA0
                                                                                                            APIs
                                                                                                              • Part of subcall function 02CD2D39: WSASetLastError.WS2_32(00000000), ref: 02CD2D47
                                                                                                              • Part of subcall function 02CD2D39: WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02CD2D5C
                                                                                                            • WSASetLastError.WS2_32(00000000), ref: 02CD2E6D
                                                                                                            • select.WS2_32(?,00000000,00000001,00000000,00000000), ref: 02CD2E83
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$Sendselect
                                                                                                            • String ID: 3'
                                                                                                            • API String ID: 2958345159-280543908
                                                                                                            • Opcode ID: a4e6521691e8fe8f2fd6123e11d9d076e7ce24a904b331695b1e8ce5decedd4a
                                                                                                            • Instruction ID: 7a8a73f495de6dd93da8b33dc788717aeb78f02a9070fcbc84c919234c592170
                                                                                                            • Opcode Fuzzy Hash: a4e6521691e8fe8f2fd6123e11d9d076e7ce24a904b331695b1e8ce5decedd4a
                                                                                                            • Instruction Fuzzy Hash: 2031E0B0E00205AFDB10DF74D8147EEBBEAEF44364F04455ADE4593281E7719581DFA2
                                                                                                            APIs
                                                                                                            • WSASetLastError.WS2_32(00000000), ref: 02CD2AEA
                                                                                                            • connect.WS2_32(?,?,?), ref: 02CD2AF5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLastconnect
                                                                                                            • String ID: 3'
                                                                                                            • API String ID: 374722065-280543908
                                                                                                            • Opcode ID: edd4cf4cc9e5392b54e5f35b593b2006cdc23cb48eba9a4525731e740344f175
                                                                                                            • Instruction ID: b0b33391b66fa008b6f87c916a687c451a5bf3d6bcaec930ab126f42a64d8d69
                                                                                                            • Opcode Fuzzy Hash: edd4cf4cc9e5392b54e5f35b593b2006cdc23cb48eba9a4525731e740344f175
                                                                                                            • Instruction Fuzzy Hash: 2221C974E00204BBCF10EFB4D4146AEBBBAEF84364F04859ADE5997281DBB45A019F91
                                                                                                            APIs
                                                                                                            • RegQueryValueExA.KERNEL32(?,Common AppData), ref: 0040D24F
                                                                                                            • RegCloseKey.KERNEL32(?), ref: 0040DCA0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseQueryValue
                                                                                                            • String ID: Common AppData
                                                                                                            • API String ID: 3356406503-2574214464
                                                                                                            • Opcode ID: 7fb426fbc1daea728e0292a6f56f5ffc517f2730cea52d2236219cd6951a695f
                                                                                                            • Instruction ID: b56edbcec1431f3f013adad2ea631c62a19a0754f6dc0b3eadc1950556951285
                                                                                                            • Opcode Fuzzy Hash: 7fb426fbc1daea728e0292a6f56f5ffc517f2730cea52d2236219cd6951a695f
                                                                                                            • Instruction Fuzzy Hash: 4FD05E30D48101EBCB015FE08F0EB6E7A70AE543407218437A512B00E0CBFCA90AF61E
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog
                                                                                                            • String ID:
                                                                                                            • API String ID: 3519838083-0
                                                                                                            • Opcode ID: 9d9f3c5c9cbfbf3d2585ed3387cb37055acd1231521a378fa9d90d24330d4112
                                                                                                            • Instruction ID: 591b89046c4863798c628cd83c761abe40ecccdd96971377b41064ccd127f14a
                                                                                                            • Opcode Fuzzy Hash: 9d9f3c5c9cbfbf3d2585ed3387cb37055acd1231521a378fa9d90d24330d4112
                                                                                                            • Instruction Fuzzy Hash: 7B515FB5904246DFCB04DF68D4507AABBB1FF48320F14815EEA699B380D774DA11CF91
                                                                                                            APIs
                                                                                                            • __beginthreadex.LIBCMT ref: 02CE1106
                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,00000002,02CD997E,00000000), ref: 02CE1137
                                                                                                            • ResumeThread.KERNEL32(?,?,?,?,?,00000002,02CD997E,00000000), ref: 02CE1145
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandleResumeThread__beginthreadex
                                                                                                            • String ID:
                                                                                                            • API String ID: 1685284544-0
                                                                                                            • Opcode ID: 78feb7258b60b47292c209f1266166cbac91ffbdc5edb568d5ba2f2505f70222
                                                                                                            • Instruction ID: 0c8f1511f6b5ce0ec2b869432b80e24a0b92e5b306d56cc0203e26398a7cd432
                                                                                                            • Opcode Fuzzy Hash: 78feb7258b60b47292c209f1266166cbac91ffbdc5edb568d5ba2f2505f70222
                                                                                                            • Instruction Fuzzy Hash: 24F068713402009BDB209E58DC84F9573E8AF89725F18056AF659D7280C7B1AC629AD0
                                                                                                            APIs
                                                                                                            • InterlockedIncrement.KERNEL32(02D0529C), ref: 02CD1ABA
                                                                                                            • WSAStartup.WS2_32(00000002,00000000), ref: 02CD1ACB
                                                                                                            • InterlockedExchange.KERNEL32(02D052A0,00000000), ref: 02CD1AD7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Interlocked$ExchangeIncrementStartup
                                                                                                            • String ID:
                                                                                                            • API String ID: 1856147945-0
                                                                                                            • Opcode ID: e62fd0b6534f5b91787a28e5c5c9ba82c7414ebf048b1e45f4f65b9d2183be7a
                                                                                                            • Instruction ID: b5aab72843a872a1bbf1800670262783ce856a4e3af03befe4e6af02ffdfb228
                                                                                                            • Opcode Fuzzy Hash: e62fd0b6534f5b91787a28e5c5c9ba82c7414ebf048b1e45f4f65b9d2183be7a
                                                                                                            • Instruction Fuzzy Hash: 1FD05B31D846045BE21066A07D4EB78775CE709716FC00751FF59C45C0EA91692485E6
                                                                                                            APIs
                                                                                                            • DeleteFileA.KERNEL32(2D396D40), ref: 02D3C21B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002D08000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D08000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2d08000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DeleteFile
                                                                                                            • String ID: ([wO
                                                                                                            • API String ID: 4033686569-2721458860
                                                                                                            • Opcode ID: f4f15dbc9dbfdfeeff2d6407ee082574d23fa3484512b7124d145fd0e46dc967
                                                                                                            • Instruction ID: d651531334f5c02c69f1f7499557ad1f0c3670548dd5375c7697462b1fe48d27
                                                                                                            • Opcode Fuzzy Hash: f4f15dbc9dbfdfeeff2d6407ee082574d23fa3484512b7124d145fd0e46dc967
                                                                                                            • Instruction Fuzzy Hash: C2217FF251C600AFE318AF08E88177EB7E4EF94310F15882EE2C587754EA35A8418B97
                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 02CD4BF2
                                                                                                              • Part of subcall function 02CD1BA7: __EH_prolog.LIBCMT ref: 02CD1BAC
                                                                                                              • Part of subcall function 02CD1BA7: RtlEnterCriticalSection.NTDLL ref: 02CD1BBC
                                                                                                              • Part of subcall function 02CD1BA7: RtlLeaveCriticalSection.NTDLL ref: 02CD1BEA
                                                                                                              • Part of subcall function 02CD1BA7: RtlEnterCriticalSection.NTDLL ref: 02CD1C13
                                                                                                              • Part of subcall function 02CD1BA7: RtlLeaveCriticalSection.NTDLL ref: 02CD1C56
                                                                                                              • Part of subcall function 02CDD0ED: __EH_prolog.LIBCMT ref: 02CDD0F2
                                                                                                              • Part of subcall function 02CDD0ED: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02CDD171
                                                                                                            • InterlockedExchange.KERNEL32(?,00000000), ref: 02CD4CF2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$H_prolog$EnterExchangeInterlockedLeave
                                                                                                            • String ID:
                                                                                                            • API String ID: 1927618982-0
                                                                                                            • Opcode ID: 1085033bde0039e567a8b21774dea38c74d2cfd897080d51a372db1a8388fd98
                                                                                                            • Instruction ID: c9e862e52116392baca9d5fa021f3ec62de91cbabad279fe1b3c807d6d6a3726
                                                                                                            • Opcode Fuzzy Hash: 1085033bde0039e567a8b21774dea38c74d2cfd897080d51a372db1a8388fd98
                                                                                                            • Instruction Fuzzy Hash: BD512871D04248DFDB15DFA8C484AEEFBB5EF48314F14816AEA05AB351EB309A44CFA1
                                                                                                            APIs
                                                                                                            • WSASetLastError.WS2_32(00000000), ref: 02CD2D47
                                                                                                            • WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02CD2D5C
                                                                                                              • Part of subcall function 02CD94FE: WSAGetLastError.WS2_32(00000000,?,?,02CD2A51), ref: 02CD950C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$Send
                                                                                                            • String ID:
                                                                                                            • API String ID: 1282938840-0
                                                                                                            • Opcode ID: f9970d4c9993b77dc042603ead185ef7d022c809de7af9880abe119387a82426
                                                                                                            • Instruction ID: 23f3d4305c1ba016f11ef0959f92bb770ab7740144205aaccd1b1cd010f870bd
                                                                                                            • Opcode Fuzzy Hash: f9970d4c9993b77dc042603ead185ef7d022c809de7af9880abe119387a82426
                                                                                                            • Instruction Fuzzy Hash: 4C0184B5504205BFD7205F95D88496BBBEDFF857A4720492FEA9983200DB709D00DB62
                                                                                                            APIs
                                                                                                            • WSASetLastError.WS2_32(00000000), ref: 02CD73FC
                                                                                                            • shutdown.WS2_32(?,00000002), ref: 02CD7405
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLastshutdown
                                                                                                            • String ID:
                                                                                                            • API String ID: 1920494066-0
                                                                                                            • Opcode ID: e547430ee82dfb49be18fc2f0a16a60ac9f95a16e7815af2206a5ed64bc339b7
                                                                                                            • Instruction ID: ef79ee4bd224cadb79e86bf333149dcc7f3739029d86a3727a32f274baf83d95
                                                                                                            • Opcode Fuzzy Hash: e547430ee82dfb49be18fc2f0a16a60ac9f95a16e7815af2206a5ed64bc339b7
                                                                                                            • Instruction Fuzzy Hash: C3F06D31A043109FC7109F14E810B5AB7E5AF49361F008919EA9697380D730B8108B91
                                                                                                            APIs
                                                                                                            • HeapCreate.KERNEL32(00000000,00001000,00000000,0040336F,00000000), ref: 00404465
                                                                                                              • Part of subcall function 0040430C: GetVersionExA.KERNEL32 ref: 0040432B
                                                                                                            • HeapDestroy.KERNEL32 ref: 004044A4
                                                                                                              • Part of subcall function 0040482B: HeapAlloc.KERNEL32(00000000,00000140,0040448D,000003F8), ref: 00404838
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Heap$AllocCreateDestroyVersion
                                                                                                            • String ID:
                                                                                                            • API String ID: 2507506473-0
                                                                                                            • Opcode ID: 86f647c1e17f9121db62508107f35f7b6bb1c87a2647d7f3c89694d97ca3aca0
                                                                                                            • Instruction ID: 6792b556898a49359456169ba0c82f011abfeecbff717d74d0c7f117a7ac5838
                                                                                                            • Opcode Fuzzy Hash: 86f647c1e17f9121db62508107f35f7b6bb1c87a2647d7f3c89694d97ca3aca0
                                                                                                            • Instruction Fuzzy Hash: 90F065F0A01302DAEB206B70AE4572A3695DBC0755F20483BFA04F51E0EA788884A91D
                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 02CD511E
                                                                                                              • Part of subcall function 02CD3D7E: htons.WS2_32(?), ref: 02CD3DA2
                                                                                                              • Part of subcall function 02CD3D7E: htonl.WS2_32(00000000), ref: 02CD3DB9
                                                                                                              • Part of subcall function 02CD3D7E: htonl.WS2_32(00000000), ref: 02CD3DC0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: htonl$H_prologhtons
                                                                                                            • String ID:
                                                                                                            • API String ID: 4039807196-0
                                                                                                            • Opcode ID: 5ed2ffd6ced57bce148a83397e4b6f63a03b44189e6921a4011a1e4fbaf20d9d
                                                                                                            • Instruction ID: bed36fac1ec1140c6915d151d65c80a78abf56665db02b4452284ae881104fae
                                                                                                            • Opcode Fuzzy Hash: 5ed2ffd6ced57bce148a83397e4b6f63a03b44189e6921a4011a1e4fbaf20d9d
                                                                                                            • Instruction Fuzzy Hash: 3D8147B5D0424ECFCF05DFA8D480AEEBBB5AF48314F10819AD955B7240EB365A05CFA5
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002D08000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D08000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2d08000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3934441357-0
                                                                                                            • Opcode ID: eecb551869ef9341ae9c335bc92973e5ecdb522bc2ed8bfc5995bbe1cec3f595
                                                                                                            • Instruction ID: d87b3e3be76604036aa07c9e5980538c01e90a2de0bb04ddf91cfab4757fcc0b
                                                                                                            • Opcode Fuzzy Hash: eecb551869ef9341ae9c335bc92973e5ecdb522bc2ed8bfc5995bbe1cec3f595
                                                                                                            • Instruction Fuzzy Hash: BD4182F250C604AFE305BF19DC85BBABBE5EF94720F06492DE6C4C3704EA3558408A97
                                                                                                            APIs
                                                                                                            • CreateFileA.KERNEL32(?,?,?,?), ref: 02D58B10
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002D08000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D08000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2d08000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: 095d3a86a41557f6f134c9100083b9d41b93400c5a1695c9e30cc3b70000ddb9
                                                                                                            • Instruction ID: cd94eedb63b69cc9ce36eb9476fda7d45bafb7ffaff2763cef4c6a67a7ef4f14
                                                                                                            • Opcode Fuzzy Hash: 095d3a86a41557f6f134c9100083b9d41b93400c5a1695c9e30cc3b70000ddb9
                                                                                                            • Instruction Fuzzy Hash: D63104F250CA10AFE715AF09E88176AFBE4EF58710F06492DEBC883750D6319850CB9B
                                                                                                            APIs
                                                                                                            • CreateFileA.KERNEL32(?,?,?,?), ref: 02D58B10
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002D08000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D08000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2d08000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: 57183e26e057071ee188185261dbba171f5f63088ab43abbf62ce1a2e9056d3b
                                                                                                            • Instruction ID: 348557a3f83052002008f396b91fb93fb39d3af629ecff516be3761a76988476
                                                                                                            • Opcode Fuzzy Hash: 57183e26e057071ee188185261dbba171f5f63088ab43abbf62ce1a2e9056d3b
                                                                                                            • Instruction Fuzzy Hash: A021F4B151CA009FE715AF19E8C576AFBE9FF58300F46492DEAC487710E6315850CB9B
                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 02CDD9BB
                                                                                                              • Part of subcall function 02CD1A01: TlsGetValue.KERNEL32 ref: 02CD1A0A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: H_prologValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3700342317-0
                                                                                                            • Opcode ID: 79c2c44da4a7f793c1554da11f0ff9e2e5184b60def30d3aace9f3ac17c50278
                                                                                                            • Instruction ID: 14fca0251951031ee2166752482d6ff68c7f2428f5cc662514856189d6ec3ac6
                                                                                                            • Opcode Fuzzy Hash: 79c2c44da4a7f793c1554da11f0ff9e2e5184b60def30d3aace9f3ac17c50278
                                                                                                            • Instruction Fuzzy Hash: E22131B2D04249AFDB04DFA5D440AFEBBF9FF49314F14815EEA09A7240D771AA01DBA1
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002D08000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D08000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2d08000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileInternetRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 778332206-0
                                                                                                            • Opcode ID: 0742d766891b529a470b66d4a9fc5513a909d984f418e002ef769a53c73412f2
                                                                                                            • Instruction ID: 6b7d6879039c0ab6bb21a7a2af4b064a2cbfada6fe7db9bfd7faf60cfb1f352d
                                                                                                            • Opcode Fuzzy Hash: 0742d766891b529a470b66d4a9fc5513a909d984f418e002ef769a53c73412f2
                                                                                                            • Instruction Fuzzy Hash: A10180B240C7049FE7087E69EC8967AFBE4EF59710F12852DE2C047644EA74A8448AD7
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CopyFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 1304948518-0
                                                                                                            • Opcode ID: 0bf946799e28dabf71ce178a3788fdc4e2c2401dfe351f036eccd73f05517e05
                                                                                                            • Instruction ID: be7d52d85c0d79c76acb35c1ee0036e51c1adcc54994dfd53098bc7bceb5933f
                                                                                                            • Opcode Fuzzy Hash: 0bf946799e28dabf71ce178a3788fdc4e2c2401dfe351f036eccd73f05517e05
                                                                                                            • Instruction Fuzzy Hash: 6EF09EB2604459AFDB088779BDB5AF77BECC719361F014178B683B31D2D1340849DBA5
                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 02CDD54B
                                                                                                              • Part of subcall function 02CD26DB: RtlEnterCriticalSection.NTDLL(?), ref: 02CD2706
                                                                                                              • Part of subcall function 02CD26DB: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02CD272B
                                                                                                              • Part of subcall function 02CD26DB: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02CF3163), ref: 02CD2738
                                                                                                              • Part of subcall function 02CD26DB: SetWaitableTimer.KERNEL32(?,?,000493E0,00000000,00000000,00000000), ref: 02CD2778
                                                                                                              • Part of subcall function 02CD26DB: RtlLeaveCriticalSection.NTDLL(?), ref: 02CD27D9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                                                                            • String ID:
                                                                                                            • API String ID: 4293676635-0
                                                                                                            • Opcode ID: b7656e6569105aee57d2dda69f6248d951bcbad414c0157ee4d5ed0c2be2eb55
                                                                                                            • Instruction ID: 1d3dbbaba483848cb01c13bb4a66a0575c7358cf65ac1937d61fe13c200962f2
                                                                                                            • Opcode Fuzzy Hash: b7656e6569105aee57d2dda69f6248d951bcbad414c0157ee4d5ed0c2be2eb55
                                                                                                            • Instruction Fuzzy Hash: EA0193F1900B049FC368CF1AC540946FBF5EF88314B15C5AE95498B722E771D940CF94
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LocalTime
                                                                                                            • String ID:
                                                                                                            • API String ID: 481472006-0
                                                                                                            • Opcode ID: 473032ac56c0edcb2a817ada094dbdb6c77fedae1932700863a7a3ddd3f60ff4
                                                                                                            • Instruction ID: 17df461c73795f9fa62887fde36be499ba974af5f892d405074d8ab2cf89a333
                                                                                                            • Opcode Fuzzy Hash: 473032ac56c0edcb2a817ada094dbdb6c77fedae1932700863a7a3ddd3f60ff4
                                                                                                            • Instruction Fuzzy Hash: 34F02479D141618BC315AB30AF297E63BA0E305B20B04033AEAC2F76E3C7B84D059748
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002D08000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D08000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2d08000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3934441357-0
                                                                                                            • Opcode ID: edbef57e477a71ed70b8a9bd8daa3f729bd9c179bdd83b8732fee8c91e808de3
                                                                                                            • Instruction ID: 18ed11f8ef3528c266aadc81d2449aab6d0ae11ed6561bdf7b038a0d8b499fba
                                                                                                            • Opcode Fuzzy Hash: edbef57e477a71ed70b8a9bd8daa3f729bd9c179bdd83b8732fee8c91e808de3
                                                                                                            • Instruction Fuzzy Hash: F0E086769486109FE742D52AC84472DB7A3AFC9A40F52C51992C88B608DE35441545D1
                                                                                                            APIs
                                                                                                            • __EH_prolog.LIBCMT ref: 02CDD32A
                                                                                                              • Part of subcall function 02CE27B5: _malloc.LIBCMT ref: 02CE27CD
                                                                                                              • Part of subcall function 02CDD546: __EH_prolog.LIBCMT ref: 02CDD54B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog$_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 4254904621-0
                                                                                                            • Opcode ID: 81213560b4aabbcd2ccf79e18f6e7a02535000d06a992f8a98ad02b9efa72649
                                                                                                            • Instruction ID: a2361869f6d71edfd815d25f26a2d48ae7dffa01cb4c14325a10475868eb4b82
                                                                                                            • Opcode Fuzzy Hash: 81213560b4aabbcd2ccf79e18f6e7a02535000d06a992f8a98ad02b9efa72649
                                                                                                            • Instruction Fuzzy Hash: 58E0C2B1E00245ABDF8CEF68DC1176DB7B6EB84300F0041ADBD0AD2340EF309A009A01
                                                                                                            APIs
                                                                                                              • Part of subcall function 02CE48BA: __getptd_noexit.LIBCMT ref: 02CE48BB
                                                                                                              • Part of subcall function 02CE48BA: __amsg_exit.LIBCMT ref: 02CE48C8
                                                                                                              • Part of subcall function 02CE2493: __getptd_noexit.LIBCMT ref: 02CE2497
                                                                                                              • Part of subcall function 02CE2493: __freeptd.LIBCMT ref: 02CE24B1
                                                                                                              • Part of subcall function 02CE2493: RtlExitUserThread.NTDLL(?,00000000,?,02CE2473,00000000), ref: 02CE24BA
                                                                                                            • __XcptFilter.LIBCMT ref: 02CE247F
                                                                                                              • Part of subcall function 02CE7944: __getptd_noexit.LIBCMT ref: 02CE7948
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: __getptd_noexit$ExitFilterThreadUserXcpt__amsg_exit__freeptd
                                                                                                            • String ID:
                                                                                                            • API String ID: 1405322794-0
                                                                                                            • Opcode ID: 20ef6247d1697ad7a4777f793a04a8a774d227fc1403f46768ec5c2f002f6023
                                                                                                            • Instruction ID: f303767a3bbefca8ce79f7d9a6374f8f07eb00b1a17d84b42df887b0062d761e
                                                                                                            • Opcode Fuzzy Hash: 20ef6247d1697ad7a4777f793a04a8a774d227fc1403f46768ec5c2f002f6023
                                                                                                            • Instruction Fuzzy Hash: B4E0ECB59006409FEF18ABA4D949F6D77AAEF04311F200498E1029B2A1DA74A944FE25
                                                                                                            APIs
                                                                                                            • RegQueryValueExA.KERNEL32(?,Common AppData), ref: 0040D24F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: QueryValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3660427363-0
                                                                                                            • Opcode ID: 7e365ee754354f7e7fdc6e846a87b3091bdd5ed6e42f43f651651090f06dfbc2
                                                                                                            • Instruction ID: ccdc91a9fd20e400ce6b2fe0d7b3789badde77d26290f937d59154620e49623b
                                                                                                            • Opcode Fuzzy Hash: 7e365ee754354f7e7fdc6e846a87b3091bdd5ed6e42f43f651651090f06dfbc2
                                                                                                            • Instruction Fuzzy Hash: 16D0A720984621DDCB179AE04A0C7673916A9D0364B3654375416B36D1EF78C90F6179
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Create
                                                                                                            • String ID:
                                                                                                            • API String ID: 2289755597-0
                                                                                                            • Opcode ID: 8e9bf35af8a4a033b83d167184e8cfbd6c35f971a5b34edfb285b669b7e0d08e
                                                                                                            • Instruction ID: b1f4734473a9bf99f677c6b4891aeeb61c73ba9f0efb162166277ed58f2dec1e
                                                                                                            • Opcode Fuzzy Hash: 8e9bf35af8a4a033b83d167184e8cfbd6c35f971a5b34edfb285b669b7e0d08e
                                                                                                            • Instruction Fuzzy Hash: 0DE0C231908944DBC6004B70FF55BE137B55B11320F140176A6E6361F3D2754E079A0C
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateDirectory
                                                                                                            • String ID:
                                                                                                            • API String ID: 4241100979-0
                                                                                                            • Opcode ID: c7f2931bae8ced0ef8d04e57fc608a9a22d7688aed52034085a3b275c54fa888
                                                                                                            • Instruction ID: c69a753baf1f0e3215b43618e79bb5b3c1ef9b61af051a77408c13a941691e87
                                                                                                            • Opcode Fuzzy Hash: c7f2931bae8ced0ef8d04e57fc608a9a22d7688aed52034085a3b275c54fa888
                                                                                                            • Instruction Fuzzy Hash: 5ED0C970849415A6D1116A914D4ADA9252CAF2A38AB604077E007740C25ABE4B0A55BF
                                                                                                            APIs
                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000), ref: 0040DA7F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad
                                                                                                            • String ID:
                                                                                                            • API String ID: 1029625771-0
                                                                                                            • Opcode ID: 8d3fbdeb9b5e9020e4c44e14a7eacee0b11f97fe52ff3575077653e0dac1fdc5
                                                                                                            • Instruction ID: 2d06c348b4b4d8bc5f4e0cebcdf0c622ab67855ff40dcde7de2d6608d4a7c495
                                                                                                            • Opcode Fuzzy Hash: 8d3fbdeb9b5e9020e4c44e14a7eacee0b11f97fe52ff3575077653e0dac1fdc5
                                                                                                            • Instruction Fuzzy Hash: B4C01274A08212EBC700EFA0DD40BA53FA07B04340F1041329942A6194C3388547AB06
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Close
                                                                                                            • String ID:
                                                                                                            • API String ID: 3535843008-0
                                                                                                            • Opcode ID: 4444665d6fa8f2504967b8ad7925185f6564cdd816bfc9c508967ec05ffacf61
                                                                                                            • Instruction ID: 66d212404691b7b3d12b4cf143c673829a431b88c72c70207ed8f08321cc64ae
                                                                                                            • Opcode Fuzzy Hash: 4444665d6fa8f2504967b8ad7925185f6564cdd816bfc9c508967ec05ffacf61
                                                                                                            • Instruction Fuzzy Hash: 21C01225C18880C7C2054770BB25AE17B7157163207281665A1B6371EBC6754C06A64C
                                                                                                            APIs
                                                                                                            • RegOpenKeyExA.KERNEL32(80000002), ref: 0040DF73
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Open
                                                                                                            • String ID:
                                                                                                            • API String ID: 71445658-0
                                                                                                            • Opcode ID: a4ca91375b1ae48df5b0da444fc155f7a749ab565cde4b5011a20c6dbe2ae2cb
                                                                                                            • Instruction ID: 3535159792f43f07d187204692f948a6355b95b3004a34c1134e5b9aebebd85c
                                                                                                            • Opcode Fuzzy Hash: a4ca91375b1ae48df5b0da444fc155f7a749ab565cde4b5011a20c6dbe2ae2cb
                                                                                                            • Instruction Fuzzy Hash: EBC09B70604006D5E7445AF18F4CE7762A4AB00344F21587BD423F11D0E77CC90DE55F
                                                                                                            APIs
                                                                                                            • SHGetSpecialFolderPathA.SHELL32 ref: 02D0CFA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002D08000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D08000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2d08000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FolderPathSpecial
                                                                                                            • String ID:
                                                                                                            • API String ID: 994120019-0
                                                                                                            • Opcode ID: ab530953b9674f1c2b900e7f52bd35ace291db69849b76e641d36c8e31b7c0db
                                                                                                            • Instruction ID: addbbffd3d3327da17226b7368543f4aa00f7fd60c4a44f6b4724511ff21dbd9
                                                                                                            • Opcode Fuzzy Hash: ab530953b9674f1c2b900e7f52bd35ace291db69849b76e641d36c8e31b7c0db
                                                                                                            • Instruction Fuzzy Hash: 7AC08C70C0C000CFC6454A20C498FF93FB4EE003043408882E9D312361A710EC2ECE00
                                                                                                            APIs
                                                                                                            • RegSetValueExA.KERNEL32(?), ref: 0040DCE6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Value
                                                                                                            • String ID:
                                                                                                            • API String ID: 3702945584-0
                                                                                                            • Opcode ID: 6fb5030cd6d02b56b4f4ee684287976b82e9531fbc7d777f7057e3647383cb56
                                                                                                            • Instruction ID: 8635ef17eb87a6fa1683b5c13994e317c9430567dcd03a3e9d2935e20f46cfb9
                                                                                                            • Opcode Fuzzy Hash: 6fb5030cd6d02b56b4f4ee684287976b82e9531fbc7d777f7057e3647383cb56
                                                                                                            • Instruction Fuzzy Hash: AFC00235C44518EBDB025F80EE444ADBB31FB94301F2081B9E596704B4CB750569EB09
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ManagerOpen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1889721586-0
                                                                                                            • Opcode ID: d33c57a1c550a21814bb0d0fc188fc6680594cae9ec31c7a46f1f268c448e4ef
                                                                                                            • Instruction ID: 25e1d9e9ad01641672f70a648d400c2c205f88fe579fe882400fd4a0b89cadbd
                                                                                                            • Opcode Fuzzy Hash: d33c57a1c550a21814bb0d0fc188fc6680594cae9ec31c7a46f1f268c448e4ef
                                                                                                            • Instruction Fuzzy Hash: 239002201144128AC6900E145B9D018366351403163610439D686E00E1CA745449B51E
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CopyFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 1304948518-0
                                                                                                            • Opcode ID: 5a7f7034557199b2680d4462fdba19ae2dda59a6c23bbc44dfa5c954e8afdf10
                                                                                                            • Instruction ID: e8b56d19b771765b7ca581a4eb69960d085d1c3f4a7590a9df08b4ab2132a189
                                                                                                            • Opcode Fuzzy Hash: 5a7f7034557199b2680d4462fdba19ae2dda59a6c23bbc44dfa5c954e8afdf10
                                                                                                            • Instruction Fuzzy Hash: 2B9002302081019AE2011A215B4C719276855046C531548796447E0090DE74844D651D
                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,0040909C), ref: 0040D483
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 3ce7008aae3c15e0f6c62bd7475aff4cc5e106e967eb0c4da6065f06007ace48
                                                                                                            • Instruction ID: 3b0c9903b405788c4f8ba55d98c9f62a753efd871ddeee4c855e80a4a272a624
                                                                                                            • Opcode Fuzzy Hash: 3ce7008aae3c15e0f6c62bd7475aff4cc5e106e967eb0c4da6065f06007ace48
                                                                                                            • Instruction Fuzzy Hash: 6F012B31D00614BBE7205E64CD46B9A7779BB04B44F51403DEE15371C1C3B8AC5987D6
                                                                                                            APIs
                                                                                                              • Part of subcall function 02CE0610: OpenEventA.KERNEL32(00100002,00000000,00000000,2FB53FF0), ref: 02CE06B0
                                                                                                              • Part of subcall function 02CE0610: CloseHandle.KERNEL32(00000000), ref: 02CE06C5
                                                                                                              • Part of subcall function 02CE0610: ResetEvent.KERNEL32(00000000,2FB53FF0), ref: 02CE06CF
                                                                                                              • Part of subcall function 02CE0610: CloseHandle.KERNEL32(00000000,2FB53FF0), ref: 02CE0704
                                                                                                            • TlsSetValue.KERNEL32(00000029,?), ref: 02CE11AA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3480406600.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CD1000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_2cd1000_videominimizer32.jbxd
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CloseEventHandle$OpenResetValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 1556185888-0
                                                                                                            • Opcode ID: e38f207751855fc954985b62fc4677e5d663ca2f181f91857dd70bfef21f610c
                                                                                                            • Instruction ID: dbb61ac663503e72bc9aa788dbca74106f55bb979d4bdb2aadedfd592374de76
                                                                                                            • Opcode Fuzzy Hash: e38f207751855fc954985b62fc4677e5d663ca2f181f91857dd70bfef21f610c
                                                                                                            • Instruction Fuzzy Hash: C3018F71A44604ABDB10CF98DC45F5ABBACEB05771F104B2AF92AE3790D775A9108AE0
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: lstrcmpi
                                                                                                            • String ID:
                                                                                                            • API String ID: 1586166983-0
                                                                                                            • Opcode ID: 0fdbab3f11f60dd5e360b8eafbe38feaba4c970d5c95eeb566e8d1342a049495
                                                                                                            • Instruction ID: 281a21d4a294a1b2aaf0c05ee390f5ed9614b0b6553d6177e11b6688c48433d1
                                                                                                            • Opcode Fuzzy Hash: 0fdbab3f11f60dd5e360b8eafbe38feaba4c970d5c95eeb566e8d1342a049495
                                                                                                            • Instruction Fuzzy Hash: 3DC01230E48001EAE7045BD19F08A352A746A1074073284BBA403761D2D77D9F0A7A1E
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3475854172.0000000000400000.00000040.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3475854172.000000000040B000.00000040.00000001.01000000.00000009.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_400000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Sleep
                                                                                                            • String ID:
                                                                                                            • API String ID: 3472027048-0
                                                                                                            • Opcode ID: 8e4869885fb9d836e5875faa4fa33833557a1e0cdd57285ae0ad36391342807a
                                                                                                            • Instruction ID: eb94e4fe04d3d04e03cabf1a69d09960326077b20c4ce6e058a3003746771e35
                                                                                                            • Opcode Fuzzy Hash: 8e4869885fb9d836e5875faa4fa33833557a1e0cdd57285ae0ad36391342807a
                                                                                                            • Instruction Fuzzy Hash: 1FB01230504400E7C10007606F0CB1039206300308F240036A70A700E08675044A6A0E
                                                                                                            APIs
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 609674C6
                                                                                                              • Part of subcall function 60916FBA: sqlite3_initialize.SQLITE3(60912743,?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5), ref: 60916FC4
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                                            • sqlite3_step.SQLITE3 ref: 6096755A
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 6096783A
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 609678A8
                                                                                                            • sqlite3_column_bytes.SQLITE3 ref: 609678E8
                                                                                                            • sqlite3_column_blob.SQLITE3 ref: 60967901
                                                                                                            • sqlite3_column_int64.SQLITE3 ref: 6096791A
                                                                                                            • sqlite3_column_int64.SQLITE3 ref: 60967931
                                                                                                            • sqlite3_column_int64.SQLITE3 ref: 60967950
                                                                                                            • sqlite3_step.SQLITE3 ref: 609679C3
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 60967AA9
                                                                                                            • sqlite3_step.SQLITE3 ref: 60967AB4
                                                                                                            • sqlite3_column_int.SQLITE3 ref: 60967AC7
                                                                                                            • sqlite3_reset.SQLITE3 ref: 60967AD4
                                                                                                            • sqlite3_bind_int.SQLITE3 ref: 60967B89
                                                                                                            • sqlite3_step.SQLITE3 ref: 60967B94
                                                                                                            • sqlite3_column_int64.SQLITE3 ref: 60967BB0
                                                                                                            • sqlite3_column_int64.SQLITE3 ref: 60967BCF
                                                                                                            • sqlite3_column_int64.SQLITE3 ref: 60967BE6
                                                                                                            • sqlite3_column_bytes.SQLITE3 ref: 60967C05
                                                                                                            • sqlite3_column_blob.SQLITE3 ref: 60967C1E
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED50
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 60967C72
                                                                                                            • sqlite3_step.SQLITE3 ref: 60967C7D
                                                                                                            • memcmp.MSVCRT ref: 60967D4C
                                                                                                            • sqlite3_free.SQLITE3 ref: 60967D69
                                                                                                            • sqlite3_free.SQLITE3 ref: 60967D74
                                                                                                            • sqlite3_free.SQLITE3 ref: 60967FF7
                                                                                                            • sqlite3_free.SQLITE3 ref: 60968002
                                                                                                              • Part of subcall function 609634F0: sqlite3_blob_reopen.SQLITE3 ref: 60963510
                                                                                                              • Part of subcall function 609634F0: sqlite3_blob_bytes.SQLITE3 ref: 609635A3
                                                                                                              • Part of subcall function 609634F0: sqlite3_malloc.SQLITE3 ref: 609635BB
                                                                                                              • Part of subcall function 609634F0: sqlite3_blob_read.SQLITE3 ref: 60963602
                                                                                                              • Part of subcall function 609634F0: sqlite3_free.SQLITE3 ref: 60963621
                                                                                                            • sqlite3_reset.SQLITE3 ref: 60967C93
                                                                                                              • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
                                                                                                              • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
                                                                                                            • sqlite3_reset.SQLITE3 ref: 60967CA7
                                                                                                            • sqlite3_reset.SQLITE3 ref: 60968035
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 60967B72
                                                                                                              • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 6096809D
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 609680C6
                                                                                                            • sqlite3_step.SQLITE3 ref: 609680D1
                                                                                                            • sqlite3_column_int.SQLITE3 ref: 609680F3
                                                                                                            • sqlite3_reset.SQLITE3 ref: 60968104
                                                                                                            • sqlite3_step.SQLITE3 ref: 60968139
                                                                                                            • sqlite3_column_int64.SQLITE3 ref: 60968151
                                                                                                            • sqlite3_reset.SQLITE3 ref: 6096818A
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED2B
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_bind_value.SQLITE3 ref: 6095EDDF
                                                                                                            • sqlite3_reset.SQLITE3 ref: 609679E9
                                                                                                              • Part of subcall function 609160CD: sqlite3_realloc.SQLITE3 ref: 609160EF
                                                                                                            • sqlite3_column_bytes.SQLITE3 ref: 60967587
                                                                                                              • Part of subcall function 6091D5DC: sqlite3_value_bytes.SQLITE3 ref: 6091D5F4
                                                                                                            • sqlite3_column_blob.SQLITE3 ref: 60967572
                                                                                                              • Part of subcall function 6091D57E: sqlite3_value_blob.SQLITE3 ref: 6091D596
                                                                                                            • sqlite3_reset.SQLITE3 ref: 609675B7
                                                                                                            • sqlite3_bind_int.SQLITE3 ref: 60967641
                                                                                                            • sqlite3_step.SQLITE3 ref: 6096764C
                                                                                                            • sqlite3_column_int64.SQLITE3 ref: 6096766E
                                                                                                            • sqlite3_reset.SQLITE3 ref: 6096768B
                                                                                                            • sqlite3_bind_int.SQLITE3 ref: 6096754F
                                                                                                              • Part of subcall function 609256E5: sqlite3_bind_int64.SQLITE3 ref: 60925704
                                                                                                            • sqlite3_bind_int.SQLITE3 ref: 609690B2
                                                                                                            • sqlite3_bind_blob.SQLITE3 ref: 609690DB
                                                                                                            • sqlite3_step.SQLITE3 ref: 609690E6
                                                                                                            • sqlite3_reset.SQLITE3 ref: 609690F1
                                                                                                            • sqlite3_free.SQLITE3 ref: 60969102
                                                                                                            • sqlite3_free.SQLITE3 ref: 6096910D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_reset$sqlite3_step$sqlite3_column_int64sqlite3_free$sqlite3_bind_int64$sqlite3_bind_int$sqlite3_column_blobsqlite3_column_bytessqlite3_mallocsqlite3_mprintf$sqlite3_column_intsqlite3_mutex_leave$memcmpsqlite3_bind_blobsqlite3_bind_valuesqlite3_blob_bytessqlite3_blob_readsqlite3_blob_reopensqlite3_initializesqlite3_mutex_entersqlite3_prepare_v2sqlite3_reallocsqlite3_value_blobsqlite3_value_bytes
                                                                                                            • String ID: $d
                                                                                                            • API String ID: 2451604321-2084297493
                                                                                                            • Opcode ID: 8a4e51d2763d1baa8146902d495da2ef892242416c9706ebfa3093aedc646825
                                                                                                            • Instruction ID: 6b7ea73e19bc996eb6a422b8fcf26663d3cb25e4dd91ceba81a4d6a678ae72ab
                                                                                                            • Opcode Fuzzy Hash: 8a4e51d2763d1baa8146902d495da2ef892242416c9706ebfa3093aedc646825
                                                                                                            • Instruction Fuzzy Hash: 2CF2CF74A152288FDB54CF68C980B9EBBF2BF69304F1185A9E888A7341D774ED85CF41
                                                                                                            APIs
                                                                                                            • sqlite3_value_text.SQLITE3 ref: 6096A64C
                                                                                                            • sqlite3_value_bytes.SQLITE3 ref: 6096A656
                                                                                                            • sqlite3_strnicmp.SQLITE3 ref: 6096A682
                                                                                                            • sqlite3_strnicmp.SQLITE3 ref: 6096A6BC
                                                                                                            • sqlite3_mprintf.SQLITE3 ref: 6096A6F9
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 6096A754
                                                                                                            • sqlite3_step.SQLITE3 ref: 6096A969
                                                                                                            • sqlite3_free.SQLITE3 ref: 6096A9AC
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 6096A9BB
                                                                                                            • sqlite3_strnicmp.SQLITE3 ref: 6096B04A
                                                                                                              • Part of subcall function 6096A38C: sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                                                              • Part of subcall function 6096A38C: sqlite3_step.SQLITE3 ref: 6096A435
                                                                                                              • Part of subcall function 6096A38C: sqlite3_reset.SQLITE3 ref: 6096A445
                                                                                                            • sqlite3_value_int.SQLITE3 ref: 6096B241
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 6096B270
                                                                                                            • sqlite3_bind_null.SQLITE3 ref: 6096B2DF
                                                                                                            • sqlite3_step.SQLITE3 ref: 6096B2EA
                                                                                                            • sqlite3_reset.SQLITE3 ref: 6096B2F5
                                                                                                            • sqlite3_value_int.SQLITE3 ref: 6096B43B
                                                                                                            • sqlite3_value_text.SQLITE3 ref: 6096B530
                                                                                                            • sqlite3_value_bytes.SQLITE3 ref: 6096B576
                                                                                                            • sqlite3_free.SQLITE3 ref: 6096B5F4
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_stepsqlite3_strnicmp$sqlite3_freesqlite3_mallocsqlite3_resetsqlite3_value_bytessqlite3_value_intsqlite3_value_text$sqlite3_bind_intsqlite3_bind_nullsqlite3_finalizesqlite3_mprintf
                                                                                                            • String ID: optimize
                                                                                                            • API String ID: 1540667495-3797040228
                                                                                                            • Opcode ID: ab382b16e3f59fac809a38361d516dac1e6c4c02a096abfb60effccae4f38c9b
                                                                                                            • Instruction ID: 15d53f9c7948a495e2c6926a79545eea34293df74e7a3e63ea56b3727437b729
                                                                                                            • Opcode Fuzzy Hash: ab382b16e3f59fac809a38361d516dac1e6c4c02a096abfb60effccae4f38c9b
                                                                                                            • Instruction Fuzzy Hash: 54B2F670A142198FEB14DF68C890B9DBBF6BF68304F1085A9E889AB351E774DD85CF41
                                                                                                            APIs
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 60966178
                                                                                                            • sqlite3_free.SQLITE3 ref: 60966183
                                                                                                            • sqlite3_value_numeric_type.SQLITE3 ref: 609661AE
                                                                                                            • sqlite3_value_numeric_type.SQLITE3 ref: 609661DE
                                                                                                            • sqlite3_value_text.SQLITE3 ref: 60966236
                                                                                                            • sqlite3_value_int.SQLITE3 ref: 60966274
                                                                                                            • memcmp.MSVCRT ref: 6096639E
                                                                                                              • Part of subcall function 60940A5B: sqlite3_malloc.SQLITE3 ref: 60940AA1
                                                                                                              • Part of subcall function 60940A5B: sqlite3_free.SQLITE3 ref: 60940C1D
                                                                                                            • sqlite3_mprintf.SQLITE3 ref: 60966B51
                                                                                                            • sqlite3_mprintf.SQLITE3 ref: 60966B7D
                                                                                                              • Part of subcall function 609296AA: sqlite3_initialize.SQLITE3 ref: 609296B0
                                                                                                              • Part of subcall function 609296AA: sqlite3_vmprintf.SQLITE3 ref: 609296CA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_freesqlite3_mprintfsqlite3_value_numeric_type$memcmpsqlite3_finalizesqlite3_initializesqlite3_mallocsqlite3_value_intsqlite3_value_textsqlite3_vmprintf
                                                                                                            • String ID: ASC$DESC$x
                                                                                                            • API String ID: 4082667235-1162196452
                                                                                                            APIs
                                                                                                            • sqlite3_bind_int64.SQLITE3(?,?), ref: 609693A5
                                                                                                            • sqlite3_step.SQLITE3(?,?), ref: 609693B0
                                                                                                            • sqlite3_column_int64.SQLITE3(?,?), ref: 609693DC
                                                                                                              • Part of subcall function 6096A2BD: sqlite3_bind_int64.SQLITE3 ref: 6096A322
                                                                                                              • Part of subcall function 6096A2BD: sqlite3_step.SQLITE3 ref: 6096A32D
                                                                                                              • Part of subcall function 6096A2BD: sqlite3_column_int.SQLITE3 ref: 6096A347
                                                                                                              • Part of subcall function 6096A2BD: sqlite3_reset.SQLITE3 ref: 6096A354
                                                                                                            • sqlite3_reset.SQLITE3(?,?), ref: 609693F3
                                                                                                            • sqlite3_malloc.SQLITE3(?), ref: 60969561
                                                                                                            • sqlite3_malloc.SQLITE3(?), ref: 6096958D
                                                                                                            • sqlite3_step.SQLITE3(?), ref: 609695D2
                                                                                                            • sqlite3_column_int64.SQLITE3(?), ref: 609695EA
                                                                                                            • sqlite3_reset.SQLITE3(?), ref: 60969604
                                                                                                            • sqlite3_realloc.SQLITE3(?), ref: 609697D0
                                                                                                            • sqlite3_realloc.SQLITE3(?), ref: 609698A9
                                                                                                              • Part of subcall function 609129D5: sqlite3_initialize.SQLITE3(?,?,?,60915F55,?,?,?,?,?,?,00000000,?,?,?,60915FE2,00000000), ref: 609129E0
                                                                                                            • sqlite3_bind_int64.SQLITE3(?,?), ref: 609699B8
                                                                                                            • sqlite3_bind_int64.SQLITE3(?), ref: 6096934D
                                                                                                              • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                            • sqlite3_bind_int64.SQLITE3(?,?), ref: 60969A6A
                                                                                                            • sqlite3_step.SQLITE3(?,?), ref: 60969A75
                                                                                                            • sqlite3_reset.SQLITE3(?,?), ref: 60969A80
                                                                                                            • sqlite3_free.SQLITE3(?), ref: 60969D41
                                                                                                            • sqlite3_free.SQLITE3(?), ref: 60969D4C
                                                                                                            • sqlite3_free.SQLITE3(?), ref: 60969D5B
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_bind_int64$sqlite3_freesqlite3_resetsqlite3_step$sqlite3_column_int64sqlite3_mallocsqlite3_realloc$sqlite3_column_intsqlite3_initializesqlite3_mprintfsqlite3_mutex_leavesqlite3_prepare_v2
                                                                                                            • String ID:
                                                                                                            • API String ID: 961572588-0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_bind_int64sqlite3_mutex_leavesqlite3_stricmp
                                                                                                            • String ID: 2$foreign key$indexed
                                                                                                            • API String ID: 4126863092-702264400
                                                                                                            APIs
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 6094A72B
                                                                                                            • sqlite3_step.SQLITE3 ref: 6094A73C
                                                                                                            • sqlite3_column_blob.SQLITE3 ref: 6094A760
                                                                                                            • sqlite3_column_bytes.SQLITE3 ref: 6094A77C
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 6094A793
                                                                                                            • sqlite3_reset.SQLITE3 ref: 6094A7F2
                                                                                                            • sqlite3_free.SQLITE3(?), ref: 6094A87C
                                                                                                              • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_bind_int64sqlite3_column_blobsqlite3_column_bytessqlite3_freesqlite3_mallocsqlite3_mutex_entersqlite3_resetsqlite3_step
                                                                                                            • String ID:
                                                                                                            • API String ID: 2794791986-0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_stricmp
                                                                                                            • String ID: USING COVERING INDEX $DISTINCT$ORDER BY
                                                                                                            • API String ID: 912767213-1308749736
                                                                                                            APIs
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 6094B488
                                                                                                            • sqlite3_step.SQLITE3 ref: 6094B496
                                                                                                            • sqlite3_reset.SQLITE3 ref: 6094B4A4
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 6094B4D2
                                                                                                            • sqlite3_step.SQLITE3 ref: 6094B4E0
                                                                                                            • sqlite3_reset.SQLITE3 ref: 6094B4EE
                                                                                                              • Part of subcall function 6094B54C: memmove.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,6094B44B), ref: 6094B6B5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_bind_int64sqlite3_resetsqlite3_step$memmove
                                                                                                            • String ID:
                                                                                                            • API String ID: 4082478743-0
                                                                                                            APIs
                                                                                                            • sqlite3_mutex_enter.SQLITE3 ref: 6094D354
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 6094D546
                                                                                                              • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905D8B
                                                                                                              • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905DA4
                                                                                                              • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905DB8
                                                                                                            • sqlite3_stricmp.SQLITE3 ref: 6094D3DA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_stricmp$sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                            • String ID: BINARY$INTEGER
                                                                                                            • API String ID: 317512412-1676293250
                                                                                                            • Opcode ID: a7efc97792d1e6a4bc5cda92ab6d03f9066f32250883ff14ac0274f07e3e06bf
                                                                                                            • Instruction ID: cace79839434994537c0410bddb438ad3d501bddbf1b20fcc6a8a8bdb5da7fdd
                                                                                                            • Opcode Fuzzy Hash: a7efc97792d1e6a4bc5cda92ab6d03f9066f32250883ff14ac0274f07e3e06bf
                                                                                                            • Instruction Fuzzy Hash: 8E712978A056099BDB05CF69C49079EBBF2BFA8308F11C529EC55AB3A4D734E941CF80
                                                                                                            APIs
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 6094B582
                                                                                                            • sqlite3_step.SQLITE3 ref: 6094B590
                                                                                                            • sqlite3_column_int64.SQLITE3 ref: 6094B5AD
                                                                                                            • sqlite3_reset.SQLITE3 ref: 6094B5EE
                                                                                                            • memmove.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,6094B44B), ref: 6094B6B5
                                                                                                            Similarity
                                                                                                            • API ID: memmovesqlite3_bind_int64sqlite3_column_int64sqlite3_resetsqlite3_step
                                                                                                            • String ID:
                                                                                                            • API String ID: 2802900177-0
                                                                                                            • Opcode ID: f7dd783d858009ac2aa36dfb06bc3a4e86bc75c1920f7d1bf53ec4d0fe99899e
                                                                                                            • Instruction ID: fa681a173a9aa7ad5377a8f3376375fc0286f70c891b696e42c92f52458a3a0e
                                                                                                            • Opcode Fuzzy Hash: f7dd783d858009ac2aa36dfb06bc3a4e86bc75c1920f7d1bf53ec4d0fe99899e
                                                                                                            • Instruction Fuzzy Hash: 0B517D75A082018FCB14CF69C48169EF7F7FBA8314F25C669D8499B318EA74EC81CB81
                                                                                                            APIs
                                                                                                            • sqlite3_mutex_enter.SQLITE3 ref: 6093F443
                                                                                                              • Part of subcall function 60904396: sqlite3_mutex_try.SQLITE3(?,?,?,60908235), ref: 609043B8
                                                                                                            • sqlite3_mutex_enter.SQLITE3 ref: 6093F45C
                                                                                                              • Part of subcall function 60939559: memcmp.MSVCRT ref: 60939694
                                                                                                              • Part of subcall function 60939559: memcmp.MSVCRT ref: 609396CA
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 6093F8CD
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 6093F8E3
                                                                                                            Similarity
                                                                                                            • API ID: memcmpsqlite3_mutex_entersqlite3_mutex_leave$sqlite3_mutex_try
                                                                                                            • String ID:
                                                                                                            • API String ID: 4038589952-0
                                                                                                            • Opcode ID: 29e5932b9866e1e5e2fcd92ac707fe98724786dada8c9b11deae4621e05e1fb7
                                                                                                            • Instruction ID: 916146ddc5613ce70bfe97dc7fabc38680eb49f4f4fdba01105907ea2da9c682
                                                                                                            • Opcode Fuzzy Hash: 29e5932b9866e1e5e2fcd92ac707fe98724786dada8c9b11deae4621e05e1fb7
                                                                                                            • Instruction Fuzzy Hash: 87F13674A046158FDB18CFA9C590A9EB7F7AFA8308F248429E846AB355D774EC42CF40
                                                                                                            APIs
                                                                                                              • Part of subcall function 6094A894: sqlite3_bind_int64.SQLITE3 ref: 6094A8C0
                                                                                                              • Part of subcall function 6094A894: sqlite3_step.SQLITE3 ref: 6094A8CE
                                                                                                              • Part of subcall function 6094A894: sqlite3_column_int64.SQLITE3 ref: 6094A8E9
                                                                                                              • Part of subcall function 6094A894: sqlite3_reset.SQLITE3 ref: 6094A90F
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 6094C719
                                                                                                            • sqlite3_step.SQLITE3 ref: 6094C72A
                                                                                                            • sqlite3_reset.SQLITE3 ref: 6094C73B
                                                                                                              • Part of subcall function 6094B54C: memmove.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,6094B44B), ref: 6094B6B5
                                                                                                              • Part of subcall function 6094A9F5: sqlite3_free.SQLITE3 ref: 6094AA7A
                                                                                                            • sqlite3_free.SQLITE3 ref: 6094C881
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_bind_int64sqlite3_freesqlite3_resetsqlite3_step$memmovesqlite3_column_int64
                                                                                                            • String ID:
                                                                                                            • API String ID: 3487101843-0
                                                                                                            • Opcode ID: 5f7c6ccdcb237f7a487fb09799aacf08d073da1bf61c53431d7ccff799043987
                                                                                                            • Instruction ID: dadb85a3919e548a164012fc2e04d9b0ab11445217433cc10b515e99a95ed5c3
                                                                                                            • Opcode Fuzzy Hash: 5f7c6ccdcb237f7a487fb09799aacf08d073da1bf61c53431d7ccff799043987
                                                                                                            • Instruction Fuzzy Hash: 3681FA74A046098FCB44DF99C480A9DF7F7AFA8354F258529E855AB314EB34EC46CF90
                                                                                                            APIs
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                                            • sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                                                              • Part of subcall function 609256E5: sqlite3_bind_int64.SQLITE3 ref: 60925704
                                                                                                            • sqlite3_column_int.SQLITE3 ref: 6096A3F3
                                                                                                            • sqlite3_step.SQLITE3 ref: 6096A435
                                                                                                            • sqlite3_reset.SQLITE3 ref: 6096A445
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_bind_intsqlite3_bind_int64sqlite3_column_intsqlite3_freesqlite3_mprintfsqlite3_prepare_v2sqlite3_resetsqlite3_step
                                                                                                            • String ID:
                                                                                                            • API String ID: 247099642-0
                                                                                                            • Opcode ID: 64427881e425bd4a7d2fa305579facb0dd1ab8a71ce9f1271cd8f49c57a97bec
                                                                                                            • Instruction ID: 69535c0605dcb565d56369453fd68d3a3097adfd173720c6e67b3d4aca8354ad
                                                                                                            • Opcode Fuzzy Hash: 64427881e425bd4a7d2fa305579facb0dd1ab8a71ce9f1271cd8f49c57a97bec
                                                                                                            • Instruction Fuzzy Hash: FF2151B0A143148BEB109FA9D88479EB7FAEF64308F00852DE89597350EBB8D845CF51
                                                                                                            APIs
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                                                              • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 6096A322
                                                                                                              • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                            • sqlite3_step.SQLITE3 ref: 6096A32D
                                                                                                            • sqlite3_column_int.SQLITE3 ref: 6096A347
                                                                                                              • Part of subcall function 6091D4F4: sqlite3_value_int.SQLITE3 ref: 6091D50C
                                                                                                            • sqlite3_reset.SQLITE3 ref: 6096A354
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_bind_int64sqlite3_column_intsqlite3_freesqlite3_mprintfsqlite3_mutex_leavesqlite3_prepare_v2sqlite3_resetsqlite3_stepsqlite3_value_int
                                                                                                            • String ID:
                                                                                                            • API String ID: 326482775-0
                                                                                                            • Opcode ID: de94f0bba3b8b54078f1ceecce583a965f8e010bb36370f6070bcd8bc28ee8b0
                                                                                                            • Instruction ID: 7c1586c82cd56d85cf32929a5cd575737867df940847ca2bf63216634e784e33
                                                                                                            • Opcode Fuzzy Hash: de94f0bba3b8b54078f1ceecce583a965f8e010bb36370f6070bcd8bc28ee8b0
                                                                                                            • Instruction Fuzzy Hash: 0E214DB0A043049BDB04DFA9C480B9EF7FAEFA8354F04C429E8959B340E778D8418B51
                                                                                                            APIs
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 6094B71E
                                                                                                              • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 6094B73C
                                                                                                            • sqlite3_step.SQLITE3 ref: 6094B74A
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_bind_int64$sqlite3_mutex_leavesqlite3_step
                                                                                                            • String ID:
                                                                                                            • API String ID: 3305529457-0
                                                                                                            • Opcode ID: dc92f9052f14c19b23696c87723feab2593fd922d888b89f432a916288e70c30
                                                                                                            • Instruction ID: cea3564161c85327b61b62d60446574847d05a2bcfebeda4641ea5396b37aa5a
                                                                                                            • Opcode Fuzzy Hash: dc92f9052f14c19b23696c87723feab2593fd922d888b89f432a916288e70c30
                                                                                                            • Instruction Fuzzy Hash: D401A8B45047049FCB00DF19D9C968ABBE5FF98354F158869FC888B305D374E8548BA6
                                                                                                            APIs
                                                                                                            • sqlite3_mutex_enter.SQLITE3 ref: 6090C1EA
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 6090C22F
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                            • String ID:
                                                                                                            • API String ID: 1477753154-0
                                                                                                            • Opcode ID: 8c595cf50166d2d57a1b46d7a61a8743a20f226779b5cb212a2500e19f50b056
                                                                                                            • Instruction ID: fc120f7ed3300d8301d0f99cb769197b575d5683181bd6b289e4b53452841bc5
                                                                                                            • Opcode Fuzzy Hash: 8c595cf50166d2d57a1b46d7a61a8743a20f226779b5cb212a2500e19f50b056
                                                                                                            • Instruction Fuzzy Hash: 6501F4715042548BDB449F2EC4C576EBBEAEF65318F048469DD419B326D374D882CBA1
                                                                                                            APIs
                                                                                                              • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 609255B2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                                            • String ID:
                                                                                                            • API String ID: 1465156292-0
                                                                                                            • Opcode ID: 61f2b65abbb078f396bfa931b2809e4962fa985140118a0fa907d432528e7d54
                                                                                                            • Instruction ID: 19c4c58ecb434a21204d9b38047e93a23a7f28015e8477a734fda6841bb58fe8
                                                                                                            • Opcode Fuzzy Hash: 61f2b65abbb078f396bfa931b2809e4962fa985140118a0fa907d432528e7d54
                                                                                                            • Instruction Fuzzy Hash: 56317AB4A082188FCB04DF69D880A8EBBF6FF99314F008559FC5897348D734D940CBA5
                                                                                                            APIs
                                                                                                              • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 60925508
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                                            • String ID:
                                                                                                            • API String ID: 1465156292-0
                                                                                                            • Opcode ID: 7f15987c0945e0fd4273a36fcce91cc0d916abb620506d2e7fdad6d0c82ef640
                                                                                                            • Instruction ID: ad89f0bb34aa7175efe61e1ac22fb0c12735e6005c3b9edbf096fd229bca234b
                                                                                                            • Opcode Fuzzy Hash: 7f15987c0945e0fd4273a36fcce91cc0d916abb620506d2e7fdad6d0c82ef640
                                                                                                            • Instruction Fuzzy Hash: 5A01A475B107148BCB109F2ACC8164BBBFAEF68254F05991AEC41DB315D775ED458BC0
                                                                                                            APIs
                                                                                                              • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                                            • String ID:
                                                                                                            • API String ID: 1465156292-0
                                                                                                            • Opcode ID: ebbe32869a67294cb2d54c108597a832b3743d43329dcf341f64f2493053d601
                                                                                                            • Instruction ID: 4fd0dfe8dd6226820e052206e0db6187a6d8a97f2116fb4a305c2fd2856f8961
                                                                                                            • Opcode Fuzzy Hash: ebbe32869a67294cb2d54c108597a832b3743d43329dcf341f64f2493053d601
                                                                                                            • Instruction Fuzzy Hash: 94F08CB5A002099BCB00DF2AD88088ABBBAFF98264B05952AEC049B314D770E941CBD0
                                                                                                            APIs
                                                                                                              • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 60925678
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                                            • String ID:
                                                                                                            • API String ID: 1465156292-0
                                                                                                            • Opcode ID: 20ce1548f611e36a3668a48b9975394e1a388ab84833d9cb320a678b216caf11
                                                                                                            • Instruction ID: bc2fa39936d9f4ed0ba1ebf98b65e017ff83ed2bbf5e058a49948814e7f33c49
                                                                                                            • Opcode Fuzzy Hash: 20ce1548f611e36a3668a48b9975394e1a388ab84833d9cb320a678b216caf11
                                                                                                            • Instruction Fuzzy Hash: 59E0EC74A042089BCB04DF6AD4C194AB7F9EF58258B14D665EC458B309E231E9858BC1
                                                                                                            APIs
                                                                                                            • sqlite3_bind_int64.SQLITE3 ref: 60925704
                                                                                                              • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_bind_int64sqlite3_mutex_leave
                                                                                                            • String ID:
                                                                                                            • API String ID: 3064317574-0
                                                                                                            • Opcode ID: 8bfbb127be37b3944cf6aee767a60d103abce584902525ba566a621f413e0d82
                                                                                                            • Instruction ID: 7a9bf9350bb0d435b7485bd9c083abc2dab3a9c90cc7cce47300d03dda88f0d0
                                                                                                            • Opcode Fuzzy Hash: 8bfbb127be37b3944cf6aee767a60d103abce584902525ba566a621f413e0d82
                                                                                                            • Instruction Fuzzy Hash: FFD092B4909309AFCB00EF29C48644EBBE5AF98258F40C82DFC98C7314E274E8408F92
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5c5aa561fe8b7943dde2a358ba30c2c8876ef78bddd50c77f68009583e67d90a
                                                                                                            • Instruction ID: 29002ccca7877ead4b7e7e784383ace88c03f26ddf616943a2b43c0eb71ea2e3
                                                                                                            • Opcode Fuzzy Hash: 5c5aa561fe8b7943dde2a358ba30c2c8876ef78bddd50c77f68009583e67d90a
                                                                                                            • Instruction Fuzzy Hash: 36E0E2B850430DABDF00CF09D8C188A7BAAFB08364F10C119FC190B305C371E9548BA1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c82c79c3d673ce5d83164ffe7b594e49b00bd73c00824d0aa5044480003c1f0d
                                                                                                            • Instruction ID: a276b763828cd9d21177d39229c24ef0f5c00ef14d0f26540801fec71d9d5410
                                                                                                            • Opcode Fuzzy Hash: c82c79c3d673ce5d83164ffe7b594e49b00bd73c00824d0aa5044480003c1f0d
                                                                                                            • Instruction Fuzzy Hash: 29E0E2B850430DABDF00CF09D8C198A7BAAFB08264F10C119FC190B304C331E9148BE1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d3c407e99ff1326d716251d27052f3514f6d3ace0f30ccd24b81610f61b1d9b8
                                                                                                            • Instruction ID: aa639d4c52eda77921d109c173628d401b16d57fa3137d2b917a91732d8775c8
                                                                                                            • Opcode Fuzzy Hash: d3c407e99ff1326d716251d27052f3514f6d3ace0f30ccd24b81610f61b1d9b8
                                                                                                            • Instruction Fuzzy Hash: D7C01265704208574B00E92DE8C154577AA9718164B108039E80B87301D975ED084291
APIs
• sqlite3_initialize.SQLITE3 ref: 6096C5BE
  • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
• sqlite3_log.SQLITE3 ref: 6096C5FC
• sqlite3_free.SQLITE3 ref: 6096C67E
• sqlite3_free.SQLITE3 ref: 6096CD71
• sqlite3_mutex_leave.SQLITE3 ref: 6096CD80
• sqlite3_errcode.SQLITE3 ref: 6096CD88
• sqlite3_close.SQLITE3 ref: 6096CD97
• sqlite3_create_function.SQLITE3 ref: 6096CDF8
Strings
Memory Dump Source
• Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_free$sqlite3_closesqlite3_create_functionsqlite3_errcodesqlite3_initializesqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
• String ID: BINARY$NOCASE$RTRIM$porter$rtree$rtree_i32$simple
• API String ID: 1320758876-2501389569
• Opcode ID: 6bfcb0ec024900a9d9b4e92c8a495cd7f0e11888819caa106d9e2d842adf35f2
• Instruction ID: 66f98c4e8467cc0752991b2fada45a5d6d89a43a55ba94f1559c09c68fc79e30
• Opcode Fuzzy Hash: 6bfcb0ec024900a9d9b4e92c8a495cd7f0e11888819caa106d9e2d842adf35f2
• Instruction Fuzzy Hash: 7A024BB05183019BEB119F64C49536ABFF6BFA1348F11882DE8959F386D7B9C845CF82
APIs
• sqlite3_free.SQLITE3 ref: 609264C9
• sqlite3_free.SQLITE3 ref: 60926526
• sqlite3_free.SQLITE3 ref: 6092652E
• sqlite3_free.SQLITE3 ref: 60926550
  • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
  • Part of subcall function 6090AFF5: sqlite3_free.SQLITE3 ref: 6090B09A
• sqlite3_free.SQLITE3 ref: 60926626
• sqlite3_win32_mbcs_to_utf8.SQLITE3 ref: 6092662E
• sqlite3_free.SQLITE3 ref: 60926638
• sqlite3_snprintf.SQLITE3 ref: 6092666B
• sqlite3_free.SQLITE3 ref: 60926673
• sqlite3_snprintf.SQLITE3 ref: 609266B8
Strings
Memory Dump Source
• Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_free$sqlite3_snprintf$sqlite3_mutex_entersqlite3_win32_mbcs_to_utf8
• String ID: \$winFullPathname1$winFullPathname2$winFullPathname3$winFullPathname4
• API String ID: 937752868-2111127023
• Opcode ID: 76700054f020c8d7fe753577c30eef17e659d67ca67044e42639e839992701d7
• Instruction ID: 28f04709130b2e8b140c84fcd32bad5e17fba194e1ccee1aab8ced89c5ccf9cf
• Opcode Fuzzy Hash: 76700054f020c8d7fe753577c30eef17e659d67ca67044e42639e839992701d7
• Instruction Fuzzy Hash: EA712E706183058FE700AF69D88465DBFF6AFA5748F00C82DE8999B314E778C845DF92
APIs
Strings
Memory Dump Source
• Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: memcmp$sqlite3_mprintf$sqlite3_malloc$sqlite3_freesqlite3_vfs_find
• String ID: @$access$cache
• API String ID: 4158134138-1361544076
• Opcode ID: 19065094f7a61ae5fa0f118773a69bd69932ab9bc71fb499c0e2e31449818374
• Instruction ID: 35071b2ec389daa84eb338d99e29a1052eb2425681bc363379ff67fe3f9a0dd7
• Opcode Fuzzy Hash: 19065094f7a61ae5fa0f118773a69bd69932ab9bc71fb499c0e2e31449818374
• Instruction Fuzzy Hash: 27D19E75D183458BDB11CF69E58039EBBF7AFAA304F20846ED4949B349D339D882CB52
APIs
Strings
• SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0, xrefs: 609486C8
• SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0, xrefs: 60948728
• ATTACH '' AS vacuum_db;, xrefs: 60948529
• SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' , xrefs: 609486E8
• BEGIN;, xrefs: 609485DB
• ATTACH ':memory:' AS vacuum_db;, xrefs: 60948534
• SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';, xrefs: 60948768
• SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %', xrefs: 60948708
• PRAGMA vacuum_db.synchronous=OFF, xrefs: 609485BB
• SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' , xrefs: 60948748
• INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0), xrefs: 60948788
Memory Dump Source
• Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_log
• String ID: ATTACH '' AS vacuum_db;$ATTACH ':memory:' AS vacuum_db;$BEGIN;$INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)$PRAGMA vacuum_db.synchronous=OFF$SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' $SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0$SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'$SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' $SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';$SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
• API String ID: 632333372-52344843
• Opcode ID: d52540ff3cd5a889f8fcb2175177c5c293f6bf3e96b3409faf11301466b535e5
• Instruction ID: 17dae18cb22bd420f764556e48f7e631e7f528851c991f2db59136dec61311d4
• Opcode Fuzzy Hash: d52540ff3cd5a889f8fcb2175177c5c293f6bf3e96b3409faf11301466b535e5
• Instruction Fuzzy Hash: 1202F6B0A046299BDB2ACF18C88179EB7FABF65304F1081D9E858AB355D771DE81CF41
APIs
  • Part of subcall function 609296D1: sqlite3_value_bytes.SQLITE3 ref: 609296F3
  • Part of subcall function 609296D1: sqlite3_mprintf.SQLITE3 ref: 60929708
  • Part of subcall function 609296D1: sqlite3_free.SQLITE3 ref: 6092971B
  • Part of subcall function 6095FFB2: sqlite3_bind_int64.SQLITE3 ref: 6095FFFA
  • Part of subcall function 6095FFB2: sqlite3_step.SQLITE3 ref: 60960009
  • Part of subcall function 6095FFB2: sqlite3_reset.SQLITE3 ref: 60960019
  • Part of subcall function 6095FFB2: sqlite3_result_error_code.SQLITE3 ref: 60960043
• sqlite3_malloc.SQLITE3 ref: 60960384
• sqlite3_free.SQLITE3 ref: 609605EA
• sqlite3_result_error_code.SQLITE3 ref: 6096060D
• sqlite3_free.SQLITE3 ref: 60960618
• sqlite3_result_text.SQLITE3 ref: 6096063C
Strings
Memory Dump Source
• Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_free$sqlite3_result_error_code$sqlite3_bind_int64sqlite3_mallocsqlite3_mprintfsqlite3_resetsqlite3_result_textsqlite3_stepsqlite3_value_bytes
• String ID: offsets
• API String ID: 463808202-2642679573
• Opcode ID: 496dcd0dbd0e24e84f3ae9a4f9495b5d667a7098f4014ef95464c797b1727b83
• Instruction ID: 1101d6838161b799219a4b3d5732631e197d31251dd2d8b91c34f261bd2faa79
• Opcode Fuzzy Hash: 496dcd0dbd0e24e84f3ae9a4f9495b5d667a7098f4014ef95464c797b1727b83
• Instruction Fuzzy Hash: 72C1D374A183198FDB14CF59C580B8EBBF2BFA8314F2085A9E849AB354D734D985CF52
APIs
• sqlite3_value_text.SQLITE3 ref: 6091A3C1
• sqlite3_value_bytes.SQLITE3 ref: 6091A3D6
• sqlite3_value_text.SQLITE3 ref: 6091A3E4
• sqlite3_value_bytes.SQLITE3 ref: 6091A416
• sqlite3_value_text.SQLITE3 ref: 6091A424
• sqlite3_value_bytes.SQLITE3 ref: 6091A43A
• sqlite3_result_text.SQLITE3 ref: 6091A5A2
Memory Dump Source
• Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_result_text
• String ID:
• API String ID: 2903785150-0
• Opcode ID: 408a6008a3f19a662094ad197d730d6af4ceeedc2d56196c0f88669f9a2ea12f
• Instruction ID: 050d84d3da0bd462ad4a4a15df4a38950001fc66f1de33c81d7c2c3a6f7146e7
• Opcode Fuzzy Hash: 408a6008a3f19a662094ad197d730d6af4ceeedc2d56196c0f88669f9a2ea12f
• Instruction Fuzzy Hash: 8971D074E086599FCF00DFA8C88069DBBF2BF59314F1485AAE855AB304E734EC85CB91
APIs
Memory Dump Source
• Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_freesqlite3_malloc
• String ID:
• API String ID: 423083942-0
• Opcode ID: 039a1925b88827ab71129b12bf0a0cfd7bb9a75e2f5fb5313a60c0869b9e4a18
• Instruction ID: dba10035f3c017a022ff92dc0406edc4c972eb6647695f7afdbed5011b3e14eb
• Opcode Fuzzy Hash: 039a1925b88827ab71129b12bf0a0cfd7bb9a75e2f5fb5313a60c0869b9e4a18
• Instruction Fuzzy Hash: 9112E3B4A15218CFCB18CF98D480A9EBBF6BF98304F24855AD855AB319D774EC42CF90
                                                                                                            APIs
                                                                                                            • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                                                            • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091264D
                                                                                                            • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912662
                                                                                                            • sqlite3_malloc.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091273E
                                                                                                            • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912753
                                                                                                            • sqlite3_os_init.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912758
                                                                                                            • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912803
                                                                                                            • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091280E
                                                                                                            • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091282A
                                                                                                            • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091283F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_freesqlite3_mallocsqlite3_mutex_freesqlite3_os_init
                                                                                                            • String ID:
                                                                                                            • API String ID: 3556715608-0
                                                                                                            • Opcode ID: 7a5b012c4fe40a1866ea25e0c9ef8651b072e840c3be51a8f23ca71a75eb633f
                                                                                                            • Instruction ID: 37d7613b282c24208f37f95ee69ae3eaf9c0527d79975c213f2f38643f7f707f
                                                                                                            • Opcode Fuzzy Hash: 7a5b012c4fe40a1866ea25e0c9ef8651b072e840c3be51a8f23ca71a75eb633f
                                                                                                            • Instruction Fuzzy Hash: FEA14A71A2C215CBEB009F69CC843257FE7B7A7318F10816DD415AB2A0E7B9DC95EB11
                                                                                                            APIs
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 6095F645
                                                                                                            • sqlite3_exec.SQLITE3 ref: 6095F686
                                                                                                              • Part of subcall function 6094CBB8: sqlite3_log.SQLITE3 ref: 6094CBF8
                                                                                                            • sqlite3_free_table.SQLITE3 ref: 6095F6A0
                                                                                                            • sqlite3_mprintf.SQLITE3 ref: 6095F6C7
                                                                                                              • Part of subcall function 609296AA: sqlite3_initialize.SQLITE3 ref: 609296B0
                                                                                                              • Part of subcall function 609296AA: sqlite3_vmprintf.SQLITE3 ref: 609296CA
                                                                                                            • sqlite3_free.SQLITE3 ref: 6095F6B4
                                                                                                              • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                            • sqlite3_free.SQLITE3 ref: 6095F6D4
                                                                                                            • sqlite3_free.SQLITE3 ref: 6095F6ED
                                                                                                            • sqlite3_free_table.SQLITE3 ref: 6095F6FF
                                                                                                            • sqlite3_realloc.SQLITE3 ref: 6095F71B
                                                                                                            • sqlite3_free_table.SQLITE3 ref: 6095F72D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_freesqlite3_free_table$sqlite3_execsqlite3_initializesqlite3_logsqlite3_mallocsqlite3_mprintfsqlite3_mutex_entersqlite3_reallocsqlite3_vmprintf
                                                                                                            • String ID:
                                                                                                            • API String ID: 1866449048-0
                                                                                                            • Opcode ID: 2addae8d4502475aa330d0fbe12d9077f3fed0f055932ab6dac269a256a03500
                                                                                                            • Instruction ID: 9ac78cbffd0e0cf27e5d0fdbf17c3a3d034f00011a14f89e76d08e502163788c
                                                                                                            • Opcode Fuzzy Hash: 2addae8d4502475aa330d0fbe12d9077f3fed0f055932ab6dac269a256a03500
                                                                                                            • Instruction Fuzzy Hash: 8751F1B49467099FDB01DF69D59178EBBF6FF68318F104429E884AB300D379D894CB91
                                                                                                            APIs
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 609407B4
                                                                                                              • Part of subcall function 6094064B: sqlite3_log.SQLITE3 ref: 60940672
                                                                                                              • Part of subcall function 6094064B: sqlite3_log.SQLITE3 ref: 60940696
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 609407C2
                                                                                                              • Part of subcall function 6094064B: sqlite3_mutex_enter.SQLITE3 ref: 609406A7
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 609407D0
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 609407DE
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 609407EC
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 609407FA
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 60940808
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 60940816
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 60940824
                                                                                                            • sqlite3_free.SQLITE3 ref: 6094082C
                                                                                                              • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_finalize$sqlite3_logsqlite3_mutex_enter$sqlite3_free
                                                                                                            • String ID:
                                                                                                            • API String ID: 14011187-0
                                                                                                            • Opcode ID: d36625bd4fa8924ea0abcbec615d2e266582c2e39b3be902bd1f9101c01d6c45
                                                                                                            • Instruction ID: 14c977e837db455c9c1ce3b69ce7d4e0fb0da6313972e550a4586d0eb1b189ee
                                                                                                            • Opcode Fuzzy Hash: d36625bd4fa8924ea0abcbec615d2e266582c2e39b3be902bd1f9101c01d6c45
                                                                                                            • Instruction Fuzzy Hash: F7116774504B008BCB50BF78C9C965877E9AFB5308F061978EC8A8F306EB34D4918B15
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: $ AND $%s USING %sINDEX %s%s$%s USING AUTOMATIC %sINDEX%.0s%s$)><$0$ANY($COVERING $SCAN$SEARCH$rowid
                                                                                                            • API String ID: 0-780898
                                                                                                            • Opcode ID: d1d17e5dd7c74eae3224551f6f3ab351f201226dcaab78a09df61ec6b72ac00d
                                                                                                            • Instruction ID: 1b008e11d07f16b9462ef115b46fd1892196ed4c5360d6a6f9a636b6bab85f9b
                                                                                                            • Opcode Fuzzy Hash: d1d17e5dd7c74eae3224551f6f3ab351f201226dcaab78a09df61ec6b72ac00d
                                                                                                            • Instruction Fuzzy Hash: 46D109B0A087099FD714CF99C19079DBBF2BFA8308F10886AE495AB355D774D982CF81
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: aolf$aolf$bolb$bolc$buod$buod$laer$laer$rahc$tni$txet
                                                                                                            • API String ID: 0-2604012851
                                                                                                            • Opcode ID: b472df4709d2161ac4da3e6dd873a69b8789eadb7617e1432b7f17fad04b9ea6
                                                                                                            • Instruction ID: a78f5df49eecf700eafad7d6eadd6707640e608d2d263d021760269e78388884
                                                                                                            • Opcode Fuzzy Hash: b472df4709d2161ac4da3e6dd873a69b8789eadb7617e1432b7f17fad04b9ea6
                                                                                                            • Instruction Fuzzy Hash: 2D31B171A891458ADB21891C85503EE7FBB9BE3344F28902EC8B2DB246C735CCD0C3A2
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: memcmp$sqlite3_logsqlite3_mutex_try
                                                                                                            • String ID: 0$SQLite format 3
                                                                                                            • API String ID: 3174206576-3388949527
                                                                                                            • Opcode ID: e2a376b1a29b79c4f9f51ec04e7584e9c4e5062bfe0a82991cc629df80cc0a0f
                                                                                                            • Instruction ID: d3cc03899c2fb96d27ccc41cf7ad58ff30b38a29db2c3208110d6cb2c70dce50
                                                                                                            • Opcode Fuzzy Hash: e2a376b1a29b79c4f9f51ec04e7584e9c4e5062bfe0a82991cc629df80cc0a0f
                                                                                                            • Instruction Fuzzy Hash: A3028BB0A082659BDB09CF68D48178ABBF7FFA5308F148269E8459B345DB74DC85CF81
                                                                                                            APIs
                                                                                                            • sqlite3_value_text.SQLITE3 ref: 6095F030
                                                                                                            • sqlite3_value_text.SQLITE3 ref: 6095F03E
                                                                                                            • sqlite3_stricmp.SQLITE3 ref: 6095F0B3
                                                                                                            • sqlite3_free.SQLITE3 ref: 6095F180
                                                                                                              • Part of subcall function 6092E279: strcmp.MSVCRT ref: 6092E2AE
                                                                                                              • Part of subcall function 6092E279: sqlite3_free.SQLITE3 ref: 6092E3A8
                                                                                                            • sqlite3_free.SQLITE3 ref: 6095F1BD
                                                                                                              • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                            • sqlite3_result_error_code.SQLITE3 ref: 6095F34E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_free$sqlite3_value_text$sqlite3_mutex_entersqlite3_result_error_codesqlite3_stricmpstrcmp
                                                                                                            • String ID: |
                                                                                                            • API String ID: 1576672187-2343686810
                                                                                                            • Opcode ID: 45796efa6547682f16092b9fa288c01422e20de86ab54653b6df12e990b05c38
                                                                                                            • Instruction ID: c4017fd8acd983bc841f22cdb0f4132ffe50c361176833da1127552c957ad2bb
                                                                                                            • Opcode Fuzzy Hash: 45796efa6547682f16092b9fa288c01422e20de86ab54653b6df12e990b05c38
                                                                                                            • Instruction Fuzzy Hash: B2B189B4A08308CBDB01CF69C491B9EBBF2BF68358F148968E854AB355D734EC55CB81
                                                                                                            APIs
                                                                                                            • sqlite3_file_control.SQLITE3 ref: 609537BD
                                                                                                            • sqlite3_free.SQLITE3 ref: 60953842
                                                                                                            • sqlite3_free.SQLITE3 ref: 6095387C
                                                                                                              • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                            • sqlite3_stricmp.SQLITE3 ref: 609538D4
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_free$sqlite3_file_controlsqlite3_mutex_entersqlite3_stricmp
                                                                                                            • String ID: 6$timeout
                                                                                                            • API String ID: 2671017102-3660802998
                                                                                                            • Opcode ID: 8cffcba2199636318c40f61931f0f453c1b4c4e8a0677f5b7de6569c291e0b77
                                                                                                            • Instruction ID: da3e9078838fdf1f068eeacc94130b5fe058058c2a53432068b0843c8cdd1fdd
                                                                                                            • Opcode Fuzzy Hash: 8cffcba2199636318c40f61931f0f453c1b4c4e8a0677f5b7de6569c291e0b77
                                                                                                            • Instruction Fuzzy Hash: 6CA11270A083198BDB15CF6AC88079EBBF6BFA9304F10846DE8589B354D774D885CF41
                                                                                                            APIs
                                                                                                            • sqlite3_snprintf.SQLITE3 ref: 6095D450
                                                                                                              • Part of subcall function 60917354: sqlite3_vsnprintf.SQLITE3 ref: 60917375
                                                                                                            • sqlite3_snprintf.SQLITE3 ref: 6095D4A1
                                                                                                            • sqlite3_snprintf.SQLITE3 ref: 6095D525
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_snprintf$sqlite3_vsnprintf
                                                                                                            • String ID: $)><$sqlite_master$sqlite_temp_master
                                                                                                            • API String ID: 652164897-1572359634
                                                                                                            • Opcode ID: 7664a015b2dc01db37cf12657f922778db359f6c70a1ba93bfebbfbe3581116b
                                                                                                            • Instruction ID: a98725bc65f6cff0ffebef66634980575a39ba2d787d432de3c608a01e11e389
                                                                                                            • Opcode Fuzzy Hash: 7664a015b2dc01db37cf12657f922778db359f6c70a1ba93bfebbfbe3581116b
                                                                                                            • Instruction Fuzzy Hash: 5991F275E05219CFCB15CF98C48169DBBF2BFA9308F14845AE859AB314DB34ED46CB81
                                                                                                            APIs
                                                                                                            • sqlite3_value_text.SQLITE3 ref: 6091B06E
                                                                                                            • sqlite3_result_error_toobig.SQLITE3 ref: 6091B178
                                                                                                            • sqlite3_result_error_nomem.SQLITE3 ref: 6091B197
                                                                                                            • sqlite3_result_text.SQLITE3 ref: 6091B5A3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_textsqlite3_value_text
                                                                                                            • String ID:
                                                                                                            • API String ID: 2352520524-0
                                                                                                            • Opcode ID: bf61c68f4ce88464188c3b4ec21cbec410585f797eaf5b0aff599f1fc01aebfc
                                                                                                            • Instruction ID: 99f21b63ad5c9672efebb0dd762c853f70c7e366ddc85f9db9da2d733c13ec0c
                                                                                                            • Opcode Fuzzy Hash: bf61c68f4ce88464188c3b4ec21cbec410585f797eaf5b0aff599f1fc01aebfc
                                                                                                            • Instruction Fuzzy Hash: F9E16B71E4C2199BDB208F18C89039EBBF7AB65314F1584DAE8A857351D738DCC19F82
                                                                                                            APIs
                                                                                                              • Part of subcall function 609296D1: sqlite3_value_bytes.SQLITE3 ref: 609296F3
                                                                                                              • Part of subcall function 609296D1: sqlite3_mprintf.SQLITE3 ref: 60929708
                                                                                                              • Part of subcall function 609296D1: sqlite3_free.SQLITE3 ref: 6092971B
                                                                                                            • sqlite3_exec.SQLITE3 ref: 6096A4D7
                                                                                                              • Part of subcall function 6094CBB8: sqlite3_log.SQLITE3 ref: 6094CBF8
                                                                                                            • sqlite3_result_text.SQLITE3 ref: 6096A5D3
                                                                                                              • Part of subcall function 6096A38C: sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                                                              • Part of subcall function 6096A38C: sqlite3_step.SQLITE3 ref: 6096A435
                                                                                                              • Part of subcall function 6096A38C: sqlite3_reset.SQLITE3 ref: 6096A445
                                                                                                            • sqlite3_exec.SQLITE3 ref: 6096A523
                                                                                                            • sqlite3_exec.SQLITE3 ref: 6096A554
                                                                                                            • sqlite3_exec.SQLITE3 ref: 6096A57F
                                                                                                            • sqlite3_result_error_code.SQLITE3 ref: 6096A5E1
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_exec$sqlite3_bind_intsqlite3_freesqlite3_logsqlite3_mprintfsqlite3_resetsqlite3_result_error_codesqlite3_result_textsqlite3_stepsqlite3_value_bytes
                                                                                                            • String ID: optimize
                                                                                                            • API String ID: 3659050757-3797040228
                                                                                                            • Opcode ID: c770602c58b8b739d860714e2a7cbb539b0686760bc80d510edb2603001de118
                                                                                                            • Instruction ID: 653702cfcd2f061f0588c77de086fc27204f9fc351fc8b4992cba684a546c14d
                                                                                                            • Opcode Fuzzy Hash: c770602c58b8b739d860714e2a7cbb539b0686760bc80d510edb2603001de118
                                                                                                            • Instruction Fuzzy Hash: E831C3B11187119FE310DF24C49570FBBE6ABA1368F10C91DF9968B350E7B9D8459F82
                                                                                                            APIs
                                                                                                            • sqlite3_column_blob.SQLITE3 ref: 609654FB
                                                                                                            • sqlite3_column_bytes.SQLITE3 ref: 60965510
                                                                                                            • sqlite3_reset.SQLITE3 ref: 60965556
                                                                                                            • sqlite3_reset.SQLITE3 ref: 609655B8
                                                                                                              • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
                                                                                                              • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 60965655
                                                                                                            • sqlite3_free.SQLITE3 ref: 60965714
                                                                                                            • sqlite3_free.SQLITE3 ref: 6096574B
                                                                                                              • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                            • sqlite3_free.SQLITE3 ref: 609657AA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_reset$sqlite3_column_blobsqlite3_column_bytessqlite3_mallocsqlite3_mutex_leave
                                                                                                            • String ID:
                                                                                                            • API String ID: 2722129401-0
                                                                                                            • Opcode ID: 718344d9776843f9d3d0f11354c3fb96bdbf3732bae6ebd8df48c35682458f02
                                                                                                            • Instruction ID: e3a8cc565ee031670952cbbbf81914cbe75110044a29491daaf6513bdc913a85
                                                                                                            • Opcode Fuzzy Hash: 718344d9776843f9d3d0f11354c3fb96bdbf3732bae6ebd8df48c35682458f02
                                                                                                            • Instruction Fuzzy Hash: BBD1D270E14219CFEB14CFA9C48469DBBF2BF68304F20856AD899AB346D774E845CF81
                                                                                                            APIs
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 609645D9
                                                                                                              • Part of subcall function 60928099: sqlite3_malloc.SQLITE3 ref: 609280ED
                                                                                                            • sqlite3_free.SQLITE3 ref: 609647C5
                                                                                                              • Part of subcall function 60963D35: memcmp.MSVCRT ref: 60963E74
                                                                                                            • sqlite3_free.SQLITE3 ref: 6096476B
                                                                                                              • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                                                            • sqlite3_free.SQLITE3 ref: 6096477B
                                                                                                            • sqlite3_free.SQLITE3 ref: 60964783
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_free$sqlite3_malloc$memcmpsqlite3_mutex_enter
                                                                                                            • String ID:
                                                                                                            • API String ID: 571598680-0
                                                                                                            • Opcode ID: d604abe0313f10411a0f234c71df8e29ee85eaf68e2bcebad1bf05c151ae1b53
                                                                                                            • Instruction ID: 53ad94a03898eae12f4127695087571842428d6fdffc19c65fee49adcf86f1ae
                                                                                                            • Opcode Fuzzy Hash: d604abe0313f10411a0f234c71df8e29ee85eaf68e2bcebad1bf05c151ae1b53
                                                                                                            • Instruction Fuzzy Hash: 5E91F674E14228CFEB14CFA9D890B9EBBB6BB99304F1085AAD849A7344D734DD81CF51
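The function blocks above repeat the same layout for every function the IDA plugin recovered from the videominimizer32 dump at 0x60900000, which makes them hard to triage by eye. The following is an added triage helper, not Joe Sandbox code: it parses the text form of these blocks (direct API references, "Part of subcall function" references, the Source File/Offset line, the snapshot file name, and the Similarity fields) into records and summarises which imports each function uses. The SAMPLE string is three blocks copied, abridged, from this page; the field names and the trailing "Download File" link residue it strips are taken from the text as shown, and everything else (function names, the use of the lowest reference address as a function anchor) is this example's own assumption.

```python
"""Parse Joe Sandbox "Memory Dump Source" function blocks into records.
Added triage helper (not Joe Sandbox code). SAMPLE is copied, abridged, from
the report page; the key names come from the report's own text layout."""
import re
from collections import Counter

SAMPLE = """\
APIs
• sqlite3_file_control.SQLITE3 ref: 609537BD
• sqlite3_free.SQLITE3 ref: 60953842
• sqlite3_free.SQLITE3 ref: 6095387C
  • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
• sqlite3_stricmp.SQLITE3 ref: 609538D4
Strings
Memory Dump Source
• Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_free$sqlite3_file_controlsqlite3_mutex_entersqlite3_stricmp
• String ID: 6$timeout
• API String ID: 2671017102-3660802998
• Instruction Fuzzy Hash: 6CA11270A083198BDB15CF6AC88079EBBF6BFA9304F10846DE8589B354D774D885CF41
APIs
• sqlite3_snprintf.SQLITE3 ref: 6095D450
  • Part of subcall function 60917354: sqlite3_vsnprintf.SQLITE3 ref: 60917375
• sqlite3_snprintf.SQLITE3 ref: 6095D4A1
• sqlite3_snprintf.SQLITE3 ref: 6095D525
Strings
Memory Dump Source
• Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_snprintf$sqlite3_vsnprintf
• String ID: $)><$sqlite_master$sqlite_temp_master
• Instruction Fuzzy Hash: 5991F275E05219CFCB15CF98C48169DBBF2BFA9308F14845AE859AB314DB34ED46CB81
APIs
• sqlite3_value_text.SQLITE3 ref: 6091B06E
• sqlite3_result_error_toobig.SQLITE3 ref: 6091B178
• sqlite3_result_error_nomem.SQLITE3 ref: 6091B197
• sqlite3_result_text.SQLITE3 ref: 6091B5A3
Memory Dump Source
• Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_textsqlite3_value_text
• String ID:
• Instruction Fuzzy Hash: F9E16B71E4C2199BDB208F18C89039EBBF7AB65314F1584DAE8A857351D738DCC19F82
"""

# "name.MODULE ref: ADDR", optionally prefixed by the subcall-function marker.
API_RE = re.compile(r"^(?:Part of subcall function (?P<caller>[0-9A-F]+):\s*)?"
                    r"(?P<name>\w+)\.(?P<module>\w+) ref: (?P<ref>[0-9A-F]+)$")
KV_RE = re.compile(r"^(?P<key>[A-Za-z ]+?):\s?(?P<val>.*)$")
HEADINGS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

def _clean(line):
    """Drop indentation, the bullet and the 'Download File' link residue."""
    line = line.strip().lstrip("•").strip()
    if line.endswith("Download File"):
        line = line[: -len("Download File")].strip()
    return line

def parse_blocks(text):
    blocks, cur = [], None
    for raw in text.splitlines():
        line = _clean(raw)
        if line == "APIs":                       # every function block starts here
            cur = {"direct": [], "subcalls": [], "meta": {}}
            blocks.append(cur)
        elif cur is None or not line or line in HEADINGS:
            continue
        elif (m := API_RE.match(line)):
            entry = (m["name"], m["module"], int(m["ref"], 16))
            if m["caller"]:                      # reached through a callee
                cur["subcalls"].append((int(m["caller"], 16),) + entry)
            else:
                cur["direct"].append(entry)
        elif (m := KV_RE.match(line)):           # Similarity / dump metadata
            cur["meta"][m["key"]] = m["val"]
    return blocks

def module_name(block):
    """Module tag from the snapshot name hcaresult_<pid>_<run>_<base>_<module>.jbxd."""
    m = re.match(r"hcaresult_\d+_\d+_[0-9A-Fa-f]+_(.+)\.jbxd$", block["meta"].get("Snapshot File", ""))
    return m.group(1) if m else None

def dump_base(block):
    m = re.search(r"Offset: ([0-9A-Fa-f]+)", block["meta"].get("Source File", ""))
    return int(m.group(1), 16) if m else None

def function_anchor(block):
    """Lowest direct reference: an assumed anchor, the report omits the function start."""
    refs = [ref for _, _, ref in block["direct"]]
    return min(refs) if refs else None

def strings(block):
    return [s for s in block["meta"].get("String ID", "").split("$") if s]

def api_histogram(blocks, include_subcalls=False):
    c = Counter()
    for b in blocks:
        c.update(name for name, _, _ in b["direct"])
        if include_subcalls:
            c.update(name for _, name, _, _ in b["subcalls"])
    return c

def blocks_calling(blocks, api):
    return [b for b in blocks if any(n == api for n, _, _ in b["direct"])]

if __name__ == "__main__":
    bl = parse_blocks(SAMPLE)
    for b in bl:
        print(hex(function_anchor(b)), module_name(b), strings(b), [n for n, _, _ in b["direct"]])
    print(api_histogram(bl, include_subcalls=True).most_common(5))
```

Run it over the whole copied "Memory Dump Source" section rather than SAMPLE to see which functions touch sqlite3_exec, sqlite3_blob_open or the MSVCRT calls, and use the Instruction Fuzzy Hash field in `meta` to match functions across dumps of the same module.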
                                                                                                            APIs
                                                                                                            • sqlite3_blob_reopen.SQLITE3 ref: 60963510
                                                                                                              • Part of subcall function 60962F28: sqlite3_log.SQLITE3 ref: 60962F5D
                                                                                                            • sqlite3_mprintf.SQLITE3 ref: 60963534
                                                                                                            • sqlite3_blob_open.SQLITE3 ref: 6096358B
                                                                                                            • sqlite3_blob_bytes.SQLITE3 ref: 609635A3
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 609635BB
                                                                                                            • sqlite3_blob_read.SQLITE3 ref: 60963602
                                                                                                            • sqlite3_free.SQLITE3 ref: 60963621
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_blob_bytessqlite3_blob_opensqlite3_blob_readsqlite3_blob_reopensqlite3_freesqlite3_logsqlite3_mallocsqlite3_mprintf
                                                                                                            • String ID:
                                                                                                            • API String ID: 4276469440-0
                                                                                                            • Opcode ID: 81f80890dbec9a3991ff68d8cfcbb164f6b4d7f09a97d6cb6c54cb11191f3d09
                                                                                                            • Instruction ID: 177081cd506585250240414a33056f89eeda992db91a315aff795e5fc91eaf1e
                                                                                                            • Opcode Fuzzy Hash: 81f80890dbec9a3991ff68d8cfcbb164f6b4d7f09a97d6cb6c54cb11191f3d09
                                                                                                            • Instruction Fuzzy Hash: C641E5B09087059FDB40DF29C48179EBBE6AF98354F01C87AE898DB354E734D841DB92
                                                                                                            APIs
                                                                                                            • sqlite3_value_text.SQLITE3 ref: 6091A240
                                                                                                            • sqlite3_value_text.SQLITE3 ref: 6091A24E
                                                                                                            • sqlite3_value_bytes.SQLITE3 ref: 6091A25A
                                                                                                            • sqlite3_value_text.SQLITE3 ref: 6091A27C
                                                                                                            Strings
                                                                                                            • LIKE or GLOB pattern too complex, xrefs: 6091A267
                                                                                                            • ESCAPE expression must be a single character, xrefs: 6091A293
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_value_text$sqlite3_value_bytes
                                                                                                            • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                                                            • API String ID: 4080917175-264706735
                                                                                                            • Opcode ID: e5bda90e0e0ba1860c41bc069fb20e3a267b2c9271c0a370806f06164fd47fa4
                                                                                                            • Instruction ID: 7e7232241edcba55bc41816b79a09feadaac9d75cc2fb544db44a2248cbef301
                                                                                                            • Opcode Fuzzy Hash: e5bda90e0e0ba1860c41bc069fb20e3a267b2c9271c0a370806f06164fd47fa4
                                                                                                            • Instruction Fuzzy Hash: A4214C74A182198BCB00DF79C88165EBBF6FF64354B108AA9E864DB344E734DCC6CB95
                                                                                                            APIs
                                                                                                              • Part of subcall function 6092506E: sqlite3_log.SQLITE3 ref: 609250AB
                                                                                                            • sqlite3_mutex_enter.SQLITE3 ref: 609250E7
                                                                                                            • sqlite3_value_text16.SQLITE3 ref: 60925100
                                                                                                            • sqlite3_value_text16.SQLITE3 ref: 6092512C
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 6092513E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_value_text16$sqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                                                                                            • String ID: library routine called out of sequence$out of memory
                                                                                                            • API String ID: 2019783549-3029887290
                                                                                                            • Opcode ID: bf8b25fefa583efc99e02b0fe9019e927645d1a19242a42ec125398c6bed8d9e
                                                                                                            • Instruction ID: f6310061860eb79c45c0a7b6efb00bde58ba827c5a391e7df96a4cb3fbc4cfa9
                                                                                                            • Opcode Fuzzy Hash: bf8b25fefa583efc99e02b0fe9019e927645d1a19242a42ec125398c6bed8d9e
                                                                                                            • Instruction Fuzzy Hash: 81014C70A083049BDB14AF69C9C170EBBE6BF64248F0488A9EC958F30EE775D8818B51
                                                                                                            APIs
                                                                                                            • sqlite3_finalize.SQLITE3 ref: 609406E3
                                                                                                              • Part of subcall function 6094064B: sqlite3_log.SQLITE3 ref: 60940672
                                                                                                              • Part of subcall function 6094064B: sqlite3_log.SQLITE3 ref: 60940696
                                                                                                            • sqlite3_free.SQLITE3 ref: 609406F7
                                                                                                            • sqlite3_free.SQLITE3 ref: 60940705
                                                                                                            • sqlite3_free.SQLITE3 ref: 60940713
                                                                                                            • sqlite3_free.SQLITE3 ref: 6094071E
                                                                                                            • sqlite3_free.SQLITE3 ref: 60940729
                                                                                                            • sqlite3_free.SQLITE3 ref: 6094073C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_free$sqlite3_log$sqlite3_finalize
                                                                                                            • String ID:
                                                                                                            • API String ID: 1159759059-0
                                                                                                            • Opcode ID: 19269ae46022e444f8470c890b78f38089a522c4155da373e534dfec766a18bc
                                                                                                            • Instruction ID: 8ceab58ab7f3fb7faec85fb80e78016d1f3d655de586deaf1cb04ee1bc4e3406
                                                                                                            • Opcode Fuzzy Hash: 19269ae46022e444f8470c890b78f38089a522c4155da373e534dfec766a18bc
                                                                                                            • Instruction Fuzzy Hash: C801E8B45447108BDB00AF78C4C5A59BBE5EF79B18F06096DECCA8B305D734D8809B91
                                                                                                            APIs
                                                                                                            • sqlite3_free.SQLITE3(?), ref: 609476DD
                                                                                                              • Part of subcall function 60904423: sqlite3_mutex_leave.SQLITE3(6090449D,?,?,?,60908270), ref: 60904446
                                                                                                            • sqlite3_log.SQLITE3 ref: 609498F5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_freesqlite3_logsqlite3_mutex_leave
                                                                                                            • String ID: List of tree roots: $d$|
                                                                                                            • API String ID: 3709608969-1164703836
                                                                                                            • Opcode ID: 316fa83f4dc1e403b3b617744d66ff6f9af545e53e2752a9ff9486d467efffaf
                                                                                                            • Instruction ID: c91562837ba2d96ae21b52ab8334c840e7cbe23d8154f1acff92b465618a0bd4
                                                                                                            • Opcode Fuzzy Hash: 316fa83f4dc1e403b3b617744d66ff6f9af545e53e2752a9ff9486d467efffaf
                                                                                                            • Instruction Fuzzy Hash: 3FE10570A043698BDB22CF18C88179DFBBABF65304F1185D9E858AB251D775DE81CF81
                                                                                                            APIs
                                                                                                              • Part of subcall function 6095FFB2: sqlite3_bind_int64.SQLITE3 ref: 6095FFFA
                                                                                                              • Part of subcall function 6095FFB2: sqlite3_step.SQLITE3 ref: 60960009
                                                                                                              • Part of subcall function 6095FFB2: sqlite3_reset.SQLITE3 ref: 60960019
                                                                                                              • Part of subcall function 6095FFB2: sqlite3_result_error_code.SQLITE3 ref: 60960043
                                                                                                            • sqlite3_column_int64.SQLITE3 ref: 609600BA
                                                                                                            • sqlite3_column_text.SQLITE3 ref: 609600EF
                                                                                                            • sqlite3_free.SQLITE3 ref: 6096029A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_bind_int64sqlite3_column_int64sqlite3_column_textsqlite3_freesqlite3_resetsqlite3_result_error_codesqlite3_step
                                                                                                            • String ID: e
                                                                                                            • API String ID: 786425071-4024072794
                                                                                                            • Opcode ID: 373422d03c3c71c2ddc35291c61dfb2213fd8f263c0b9a30c36f02d650250dc2
                                                                                                            • Instruction ID: e80500568aa73e744b5c90812a7938b6c4ac38b40afb48beb036dafaf3e7d002
                                                                                                            • Opcode Fuzzy Hash: 373422d03c3c71c2ddc35291c61dfb2213fd8f263c0b9a30c36f02d650250dc2
                                                                                                            • Instruction Fuzzy Hash: 6291E270A18609CFDB04CF99C494B9EBBF2BF98314F108529E869AB354D774E885CF91
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_exec
                                                                                                            • String ID: sqlite_master$sqlite_temp_master$|
                                                                                                            • API String ID: 2141490097-2247242311
                                                                                                            • Opcode ID: 0e32379bf9c90bcee3e658b343db186d73978ee403121efd96d42beb4ff38922
                                                                                                            • Instruction ID: 9143400cfb6dc20a8edc2ca7c04099347fc9d468871a1d2187ae3123f936d49a
                                                                                                            • Opcode Fuzzy Hash: 0e32379bf9c90bcee3e658b343db186d73978ee403121efd96d42beb4ff38922
                                                                                                            • Instruction Fuzzy Hash: C551B6B09083289BDB26CF18C885799BBFABF59304F108599E498A7351D775DA84CF41
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_free$memcmpsqlite3_realloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 3422960571-0
                                                                                                            • Opcode ID: 50eda45380483794e32bdd730fc6b6b580c41d30328003452ec2c22d7d846426
                                                                                                            • Instruction ID: 3b390e38dde49c5924589a602beaf2ee173d98914be71c714148da16d267e2cf
                                                                                                            • Opcode Fuzzy Hash: 50eda45380483794e32bdd730fc6b6b580c41d30328003452ec2c22d7d846426
                                                                                                            • Instruction Fuzzy Hash: 42B1D0B4E142189BEB05CFA9C5807DDBBF6BFA8304F148429E858A7344D374E946CF91
                                                                                                            APIs
                                                                                                              • Part of subcall function 6090A0D5: sqlite3_free.SQLITE3 ref: 6090A118
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 6094B1D1
                                                                                                            • sqlite3_value_bytes.SQLITE3 ref: 6094B24C
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 6094B272
                                                                                                            • sqlite3_value_blob.SQLITE3 ref: 6094B298
                                                                                                            • sqlite3_free.SQLITE3 ref: 6094B2C8
                                                                                                              • Part of subcall function 6094A894: sqlite3_bind_int64.SQLITE3 ref: 6094A8C0
                                                                                                              • Part of subcall function 6094A894: sqlite3_step.SQLITE3 ref: 6094A8CE
                                                                                                              • Part of subcall function 6094A894: sqlite3_column_int64.SQLITE3 ref: 6094A8E9
                                                                                                              • Part of subcall function 6094A894: sqlite3_reset.SQLITE3 ref: 6094A90F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_freesqlite3_malloc$sqlite3_bind_int64sqlite3_column_int64sqlite3_resetsqlite3_stepsqlite3_value_blobsqlite3_value_bytes
                                                                                                            • String ID:
                                                                                                            • API String ID: 683514883-0
                                                                                                            • Opcode ID: 3036fcfce1ee653ed62d56f61367963e4d2afc4bfe1ca560103df060be3b8356
                                                                                                            • Instruction ID: 83940ce9cf0a2bab7a741171fc95cc3a005d2848f59039768723a80715f2adcb
                                                                                                            • Opcode Fuzzy Hash: 3036fcfce1ee653ed62d56f61367963e4d2afc4bfe1ca560103df060be3b8356
                                                                                                            • Instruction Fuzzy Hash: E19133B1A052099FCB04CFA9D490B9EBBF6FF68314F108569E855AB341DB34ED81CB91
                                                                                                            APIs
                                                                                                            • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A200
                                                                                                            • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A391
                                                                                                            • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A3A3
                                                                                                            • sqlite3_free.SQLITE3 ref: 6093A3BA
                                                                                                            • sqlite3_free.SQLITE3 ref: 6093A3C2
                                                                                                              • Part of subcall function 6093A0C5: sqlite3_mutex_enter.SQLITE3 ref: 6093A114
                                                                                                              • Part of subcall function 6093A0C5: sqlite3_mutex_free.SQLITE3 ref: 6093A152
                                                                                                              • Part of subcall function 6093A0C5: sqlite3_mutex_leave.SQLITE3 ref: 6093A162
                                                                                                              • Part of subcall function 6093A0C5: sqlite3_free.SQLITE3 ref: 6093A1A4
                                                                                                              • Part of subcall function 6093A0C5: sqlite3_free.SQLITE3 ref: 6093A1C3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_free$sqlite3_mutex_leave$sqlite3_mutex_free$sqlite3_mutex_enter
                                                                                                            • String ID:
                                                                                                            • API String ID: 1903298374-0
                                                                                                            • Opcode ID: 8530df85f137a660efabd51ca86f4821d2fdcc6d7a3fd2cfb4f5547b241dda56
                                                                                                            • Instruction ID: f6c450fbbadf2e04ab128defb7df19fdb2a161b4e6cf4e71623f80625393026f
                                                                                                            • Opcode Fuzzy Hash: 8530df85f137a660efabd51ca86f4821d2fdcc6d7a3fd2cfb4f5547b241dda56
                                                                                                            • Instruction Fuzzy Hash: EB513870A047218BDB58DF69C8C074AB7A6BF65318F05896CECA69B305D735EC41CF91
                                                                                                            APIs
                                                                                                              • Part of subcall function 60904396: sqlite3_mutex_try.SQLITE3(?,?,?,60908235), ref: 609043B8
                                                                                                            • sqlite3_mutex_enter.SQLITE3 ref: 6093A114
                                                                                                            • sqlite3_mutex_free.SQLITE3 ref: 6093A152
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 6093A162
                                                                                                            • sqlite3_free.SQLITE3 ref: 6093A1A4
                                                                                                            • sqlite3_free.SQLITE3 ref: 6093A1C3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_mutex_freesqlite3_mutex_leavesqlite3_mutex_try
                                                                                                            • String ID:
                                                                                                            • API String ID: 1894464702-0
                                                                                                            • Opcode ID: 7188b9a67afd66d207271078c150a83da37f36a2752b1b5804700c826a798ba9
                                                                                                            • Instruction ID: 8ebadd1dc7ee404a0f141fd21885e91e0aa1156a5a6df10951b92a0b718128ce
                                                                                                            • Opcode Fuzzy Hash: 7188b9a67afd66d207271078c150a83da37f36a2752b1b5804700c826a798ba9
                                                                                                            • Instruction Fuzzy Hash: CF313C70B086118BDB18DF79C8C1A1A7BFBBFB2704F148468E8418B219EB35DC419F91
                                                                                                            APIs
                                                                                                              • Part of subcall function 60925326: sqlite3_log.SQLITE3 ref: 60925352
                                                                                                            • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,609254CC), ref: 6092538E
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 609253C4
                                                                                                            • sqlite3_log.SQLITE3 ref: 609253E2
                                                                                                            • sqlite3_log.SQLITE3 ref: 60925406
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 60925443
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_log$sqlite3_mutex_leave$sqlite3_mutex_enter
                                                                                                            • String ID:
                                                                                                            • API String ID: 3336957480-0
                                                                                                            • Opcode ID: 1198911827aa14b9fab328e6e7c73bc961b2278be0ca20fe6461460b1b30ceeb
                                                                                                            • Instruction ID: a100dd02d465b32589d57b5b9efe4db3cd483c3b5de54de748c9b161d5d001e2
                                                                                                            • Opcode Fuzzy Hash: 1198911827aa14b9fab328e6e7c73bc961b2278be0ca20fe6461460b1b30ceeb
                                                                                                            • Instruction Fuzzy Hash: D3315A70228704DBDB00EF28D49575ABBE6AFA1358F00886DE9948F36DD778C885DB02
                                                                                                            APIs
                                                                                                            • sqlite3_result_blob.SQLITE3 ref: 609613D0
                                                                                                            • sqlite3_column_int.SQLITE3 ref: 6096143A
                                                                                                            • sqlite3_data_count.SQLITE3 ref: 60961465
                                                                                                            • sqlite3_column_value.SQLITE3 ref: 60961476
                                                                                                            • sqlite3_result_value.SQLITE3 ref: 60961482
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_column_intsqlite3_column_valuesqlite3_data_countsqlite3_result_blobsqlite3_result_value
                                                                                                            • String ID:
                                                                                                            • API String ID: 3091402450-0
                                                                                                            • Opcode ID: 15f5c91e7d752206cb5be57281081ebbda5684d1dfb7c3b21a78c03d1c189b87
                                                                                                            • Instruction ID: 8b12398a3b1f37ca0d2e1a8d549e1f0529ecbd38da511dd0edd3444da8e5cc4d
                                                                                                            • Opcode Fuzzy Hash: 15f5c91e7d752206cb5be57281081ebbda5684d1dfb7c3b21a78c03d1c189b87
                                                                                                            • Instruction Fuzzy Hash: 72314DB19082058FDB00DF29C48064EB7F6FF65354F19856AE8999B361EB34E886CF81
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                                                                                            • String ID:
                                                                                                            • API String ID: 251237202-0
                                                                                                            • Opcode ID: ee0aefbaff40cad113deb2524f723b57adfc4224f15c8691f87345bc20e459c1
                                                                                                            • Instruction ID: 8e14962182cb4ba31828fc05f1b37fa5954e33605a362b2e641de35f96add61e
                                                                                                            • Opcode Fuzzy Hash: ee0aefbaff40cad113deb2524f723b57adfc4224f15c8691f87345bc20e459c1
                                                                                                            • Instruction Fuzzy Hash: 022137B46087158BC709AF68C48570ABBF6FFA5318F10895DEC958B345DB74E940CB82
                                                                                                            APIs
                                                                                                            • sqlite3_aggregate_context.SQLITE3 ref: 6091A31E
                                                                                                            • sqlite3_value_text.SQLITE3 ref: 6091A349
                                                                                                            • sqlite3_value_bytes.SQLITE3 ref: 6091A356
                                                                                                            • sqlite3_value_text.SQLITE3 ref: 6091A37B
                                                                                                            • sqlite3_value_bytes.SQLITE3 ref: 6091A387
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_aggregate_context
                                                                                                            • String ID:
                                                                                                            • API String ID: 4225432645-0
                                                                                                            • Opcode ID: e7dd5294350f58c57afd4f2551108a775ab72f2657aaaf635efeb712e258985e
                                                                                                            • Instruction ID: 24a20a1669ecabf1c8c9e0f75de4e20f6480f0c3e20d7f4799920e66bb4c3c2a
                                                                                                            • Opcode Fuzzy Hash: e7dd5294350f58c57afd4f2551108a775ab72f2657aaaf635efeb712e258985e
                                                                                                            • Instruction Fuzzy Hash: 3F21CF71B086588FDB009F29C48075E7BE7AFA4254F0484A8E894CF305EB34DC86CB91
                                                                                                            APIs
                                                                                                            • sqlite3_mutex_enter.SQLITE3(?,-00000200,?), ref: 6090359D
                                                                                                            • sqlite3_mutex_leave.SQLITE3(?,-00000200,?), ref: 609035E0
                                                                                                            • sqlite3_mutex_enter.SQLITE3(?,-00000200,?), ref: 609035F9
                                                                                                            • sqlite3_mutex_leave.SQLITE3(?,-00000200,?), ref: 60903614
                                                                                                            • sqlite3_free.SQLITE3(?,-00000200,?), ref: 6090361C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                                                                                            • String ID:
                                                                                                            • API String ID: 251237202-0
                                                                                                            • Opcode ID: d176fa110bd2286076a254f1a84b89a7a2b75649dc4a807f2bdee778eef171d4
                                                                                                            • Instruction ID: 98a7ce7f1ce2ff6a0e5ca4ca87ec4bf20a5c319c62b2fc6798152503390b0136
                                                                                                            • Opcode Fuzzy Hash: d176fa110bd2286076a254f1a84b89a7a2b75649dc4a807f2bdee778eef171d4
                                                                                                            • Instruction Fuzzy Hash: B211FE725186218BCB00EF7DC8C16197FE7FB66358F01491DE866D7362D73AD480AB42
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_log
                                                                                                            • String ID: ($string or blob too big$|
                                                                                                            • API String ID: 632333372-2398534278
                                                                                                            • Opcode ID: 03236f3895d5fd10e60d1ff1eefb6ed02231b27a1c47450c0fb49d2dd58edd91
                                                                                                            • Instruction ID: 3c3a64a58f66130c0c9aec06ea77be0954bd7b4098f3428da06b6372deec6608
                                                                                                            • Opcode Fuzzy Hash: 03236f3895d5fd10e60d1ff1eefb6ed02231b27a1c47450c0fb49d2dd58edd91
                                                                                                            • Instruction Fuzzy Hash: 5DC10CB5A043288FCB66CF28C981789B7BABB59304F1085D9E958A7345C775EF81CF40
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_stricmp
                                                                                                            • String ID: BINARY
                                                                                                            • API String ID: 912767213-907554435
                                                                                                            • Opcode ID: dd54eeba7b99beb4c129e1ce0ebb3c97c4d31291de79a9977aa1c0a9ff3222ee
                                                                                                            • Instruction ID: 142a1e9d4f1e8552d2c1f4074703eb5ae9f1e70d76b7ded3e689f9c37387bea1
                                                                                                            • Opcode Fuzzy Hash: dd54eeba7b99beb4c129e1ce0ebb3c97c4d31291de79a9977aa1c0a9ff3222ee
                                                                                                            • Instruction Fuzzy Hash: 11512AB8A142159FCF05CF68D580A9EBBFBBFA9314F208569D855AB318D335EC41CB90
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Virtual$Protect$Query
                                                                                                            • String ID: @
                                                                                                            • API String ID: 3618607426-2766056989
                                                                                                            • Opcode ID: a11a59528d98c4ff7ad69dfbc7d520f68a8f714e9ef4c31244658d91e7757f1c
                                                                                                            • Instruction ID: 11fd3fd6c91f2e29dbdaed7331fdf7a08ef8f1da01c53322037319a40d79a89e
                                                                                                            • Opcode Fuzzy Hash: a11a59528d98c4ff7ad69dfbc7d520f68a8f714e9ef4c31244658d91e7757f1c
                                                                                                            • Instruction Fuzzy Hash: 003141B5E15208AFEB14DFA9D48158EFFF5EF99254F10852AE868E3310E371D940CB52
                                                                                                            APIs
                                                                                                            • sqlite3_malloc.SQLITE3 ref: 60928353
                                                                                                              • Part of subcall function 60916FBA: sqlite3_initialize.SQLITE3(60912743,?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5), ref: 60916FC4
                                                                                                            • sqlite3_realloc.SQLITE3 ref: 609283A0
                                                                                                            • sqlite3_free.SQLITE3 ref: 609283B6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_realloc
                                                                                                            • String ID: d
                                                                                                            • API String ID: 211589378-2564639436
                                                                                                            • Opcode ID: 4c34ce46e3d0a3d1d3def0d8ad382c8948c40f702370fc4fcdce263753dde11a
                                                                                                            • Instruction ID: 0830c2115c9ea807631a831f7f1165b0ee40d8a8a94356aa67113494a68d5982
                                                                                                            • Opcode Fuzzy Hash: 4c34ce46e3d0a3d1d3def0d8ad382c8948c40f702370fc4fcdce263753dde11a
                                                                                                            • Instruction Fuzzy Hash: 222137B0A04205CFDB14DF59D4C078ABBF6FF69314F158469D8889B309E3B8E841CBA1
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: _Jv_RegisterClasses$libgcj-11.dll
                                                                                                            • API String ID: 1646373207-2713375476
                                                                                                            • Opcode ID: 84d528d321f1eea6d8a1b68cb749bb1a2441192a5c5952381cf667fabd413772
                                                                                                            • Instruction ID: e6822cb61b404b68644b44a252d8259deade1a358cfa59fcc717d95409d4d83a
                                                                                                            • Opcode Fuzzy Hash: 84d528d321f1eea6d8a1b68cb749bb1a2441192a5c5952381cf667fabd413772
                                                                                                            • Instruction Fuzzy Hash: 0DE04F7062D30586FB443F794D923297AEB5F72549F00081CD9929B240EBB4D440D753
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_free
                                                                                                            • String ID:
                                                                                                            • API String ID: 2313487548-0
                                                                                                            • Opcode ID: 17c4197e66eccf8e4e539c70c01e6b2d08fb8491bcf73b2b2b780fd64eb57762
                                                                                                            • Instruction ID: 4e09bb13dd5a3c3c1d339de95b14bc5918580ae4e3dbdcf066e72e084d482625
                                                                                                            • Opcode Fuzzy Hash: 17c4197e66eccf8e4e539c70c01e6b2d08fb8491bcf73b2b2b780fd64eb57762
                                                                                                            • Instruction Fuzzy Hash: 15E14674928209EFDB04CF94D184B9EBBB2FF69304F208558D8956B259D774EC86CF81
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: sqlite_master$sqlite_sequence$sqlite_temp_master
                                                                                                            • API String ID: 0-1177837799
                                                                                                            • Opcode ID: b45b6970ebe54efa46efcb65f0e1138f7cff2b55d537d73117a3441f01693427
                                                                                                            • Instruction ID: e5240d50caebec33bd4ce83d4b9fb982fe545a794019e3d400788b6e3ec19482
                                                                                                            • Opcode Fuzzy Hash: b45b6970ebe54efa46efcb65f0e1138f7cff2b55d537d73117a3441f01693427
                                                                                                            • Instruction Fuzzy Hash: F7C13974B062089BDB05DF68D49179EBBF3AFA8308F14C42DE8899B345DB39D841CB41
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                             • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                             • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_freesqlite3_mallocsqlite3_value_bytessqlite3_value_text
• String ID:
APIs
• sqlite3_step.SQLITE3 ref: 609614AB
• sqlite3_reset.SQLITE3 ref: 609614BF
  • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
  • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
• sqlite3_column_int64.SQLITE3 ref: 609614D4
Similarity
• API ID: sqlite3_column_int64sqlite3_mutex_entersqlite3_mutex_leavesqlite3_resetsqlite3_step
• String ID:
APIs
Similarity
• API ID: sqlite3_snprintf$sqlite3_stricmpsqlite3_value_text
• String ID:
APIs
• sqlite3_mutex_enter.SQLITE3(-00000200,?,?,6090B22B), ref: 609034D8
• sqlite3_mutex_leave.SQLITE3(-00000200,?,?,6090B22B), ref: 60903521
• sqlite3_mutex_enter.SQLITE3(-00000200,?,?,6090B22B), ref: 6090354A
• sqlite3_mutex_leave.SQLITE3(-00000200,?,?,6090B22B), ref: 60903563
Similarity
• API ID: sqlite3_mutex_entersqlite3_mutex_leave
• String ID:
APIs
• sqlite3_initialize.SQLITE3 ref: 6092A450
  • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
• sqlite3_mutex_enter.SQLITE3 ref: 6092A466
• sqlite3_mutex_leave.SQLITE3 ref: 6092A47F
• sqlite3_memory_used.SQLITE3 ref: 6092A4BA
Similarity
• API ID: sqlite3_mutex_enter$sqlite3_initializesqlite3_memory_usedsqlite3_mutex_leave
• String ID:
APIs
Similarity
• API ID: sqlite3_value_text$sqlite3_freesqlite3_load_extension
• String ID:
APIs
• sqlite3_prepare.SQLITE3 ref: 60969166
• sqlite3_errmsg.SQLITE3 ref: 60969172
  • Part of subcall function 609258A8: sqlite3_log.SQLITE3 ref: 609258E5
• sqlite3_errcode.SQLITE3 ref: 6096918A
  • Part of subcall function 609251AA: sqlite3_log.SQLITE3 ref: 609251E8
• sqlite3_step.SQLITE3 ref: 60969197
Similarity
• API ID: sqlite3_log$sqlite3_errcodesqlite3_errmsgsqlite3_preparesqlite3_step
• String ID:
APIs
Similarity
• API ID: sqlite3_freesqlite3_mprintfsqlite3_value_blobsqlite3_value_bytes
• String ID:
APIs
• sqlite3_prepare_v2.SQLITE3 ref: 609615BA
• sqlite3_step.SQLITE3 ref: 609615C9
• sqlite3_column_int.SQLITE3 ref: 609615E1
  • Part of subcall function 6091D4F4: sqlite3_value_int.SQLITE3 ref: 6091D50C
• sqlite3_finalize.SQLITE3 ref: 609615EE
Similarity
• API ID: sqlite3_column_intsqlite3_finalizesqlite3_prepare_v2sqlite3_stepsqlite3_value_int
• String ID:
                                                                                                            • API String ID: 4265739436-0
                                                                                                            • Opcode ID: edb1a347b7ee41d63e69a54b369763b34702b79c0c254a7699785c0090147395
                                                                                                            • Instruction ID: 970f7a8085286b868af170b9ae73916577c28f03d50975cfa6e3c5bd991c66ad
                                                                                                            • Opcode Fuzzy Hash: edb1a347b7ee41d63e69a54b369763b34702b79c0c254a7699785c0090147395
                                                                                                            • Instruction Fuzzy Hash: BE01E4B0D083049BEB10EF69C58575EFBF9EFA5314F00896DE8A997380E775D9408B82
                                                                                                            APIs
                                                                                                            • sqlite3_initialize.SQLITE3 ref: 6092A638
                                                                                                              • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                                                            • sqlite3_mutex_enter.SQLITE3 ref: 6092A64F
                                                                                                            • strcmp.MSVCRT ref: 6092A66A
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 6092A67D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_mutex_enter$sqlite3_initializesqlite3_mutex_leavestrcmp
                                                                                                            • String ID:
                                                                                                            • API String ID: 1894734062-0
                                                                                                            • Opcode ID: 1480f87154849f1cdf239baa72c9ff1b5e3c835899009c68b4affe8256d9fce5
                                                                                                            • Instruction ID: 0dacd04717b96a229033e5bf385d74358d6efc238696297f04088f4a0acd15ee
                                                                                                            • Opcode Fuzzy Hash: 1480f87154849f1cdf239baa72c9ff1b5e3c835899009c68b4affe8256d9fce5
                                                                                                            • Instruction Fuzzy Hash: EBF0B4726243044BC7006F799CC164A7FAEEEB1298B05802CEC548B319EB35DC0297A1
                                                                                                            APIs
                                                                                                            • sqlite3_mutex_enter.SQLITE3 ref: 609084E9
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 60908518
                                                                                                            • sqlite3_mutex_enter.SQLITE3 ref: 60908528
                                                                                                            • sqlite3_mutex_leave.SQLITE3 ref: 6090855B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                            • String ID:
                                                                                                            • API String ID: 1477753154-0
                                                                                                            • Opcode ID: dbb0a767127359d75753d9f151f7b9e03affe710ab86404e29d94d971225fba8
                                                                                                            • Instruction ID: c41a4d3f3efa942db11cbd34a9101edfe28f26dd6f673ba1da0d5803e4a0adbd
                                                                                                            • Opcode Fuzzy Hash: dbb0a767127359d75753d9f151f7b9e03affe710ab86404e29d94d971225fba8
                                                                                                            • Instruction Fuzzy Hash: FD01A4B05093048BDB40AF25C5D97CABBA5EF15718F0884BDEC894F34AD7B9D5448BA1
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_log
                                                                                                            • String ID: into$out of
                                                                                                            • API String ID: 632333372-1114767565
                                                                                                            • Opcode ID: 05e60a680804dc8d75cc30d301a58b6784d3cbcabfb13c7dcba40214300a3b29
                                                                                                            • Instruction ID: de20b162988cb891a2f8fbcf22309076e3e21d241eadb06c465d82de9f0e8d92
                                                                                                            • Opcode Fuzzy Hash: 05e60a680804dc8d75cc30d301a58b6784d3cbcabfb13c7dcba40214300a3b29
                                                                                                            • Instruction Fuzzy Hash: 91910170A043149BDB26CF28C88175EBBBABF65308F0481E9E858AB355D7B5DE85CF41
                                                                                                            APIs
                                                                                                              • Part of subcall function 60918408: sqlite3_value_text.SQLITE3 ref: 60918426
                                                                                                            • sqlite3_free.SQLITE3 ref: 609193A3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_freesqlite3_value_text
                                                                                                            • String ID: (NULL)$NULL
                                                                                                            • API String ID: 2175239460-873412390
                                                                                                            • Opcode ID: 2d639d8f8789be8f4f2115c7e339461789bfa1512606a4b94e85873a15b94a2d
                                                                                                            • Instruction ID: 63658e955800b40111a930d2026d12727b3b294c4be858d68b3f7c51d7abf176
                                                                                                            • Opcode Fuzzy Hash: 2d639d8f8789be8f4f2115c7e339461789bfa1512606a4b94e85873a15b94a2d
                                                                                                            • Instruction Fuzzy Hash: E3514B31F0825A8EEB258A68C89479DBBB6BF66304F1441E9C4A9AB241D7309DC6CF01
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_log
                                                                                                            • String ID: -- $d
                                                                                                            • API String ID: 632333372-777087308
                                                                                                            • Opcode ID: 2197877c990d2cc598be623123ad695ba2ed3a88a0fc98749b4c643aad0a3996
                                                                                                            • Instruction ID: d45f625f7ed72e8bd0cbe86fb5af212c953cff4c7e5ffbb26f6c4a79540968e1
                                                                                                            • Opcode Fuzzy Hash: 2197877c990d2cc598be623123ad695ba2ed3a88a0fc98749b4c643aad0a3996
                                                                                                            • Instruction Fuzzy Hash: FB51F674A043689BDB26CF28C980789BBFABF55304F1481D9E89CAB341C7759E85CF40
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_log
                                                                                                            • String ID: string or blob too big$|
                                                                                                            • API String ID: 632333372-330586046
                                                                                                            • Opcode ID: b6301cf988e6664baaa8b4960c9a349f418ad1f33ca54faa928bbeacb0d503e6
                                                                                                            • Instruction ID: 65a9847582dc10a4f4f17f1c4fc8d82f10366072c52f03016cacc5a11d353e3e
                                                                                                            • Opcode Fuzzy Hash: b6301cf988e6664baaa8b4960c9a349f418ad1f33ca54faa928bbeacb0d503e6
                                                                                                            • Instruction Fuzzy Hash: 4D51B9749083689BCB22CF28C985789BBF6BF59314F1086D9E49897351C775EE81CF41
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_log
                                                                                                            • String ID: d$|
                                                                                                            • API String ID: 632333372-415524447
                                                                                                            • Opcode ID: b41da94c8e0873fb31ce46b9bf1ec845f2d469f37e36bd2a55cc8f8885e561b5
                                                                                                            • Instruction ID: dac03e427e93f591f5d1737f90c886445feec93ea56e6f6f32424ebbe55d5cce
                                                                                                            • Opcode Fuzzy Hash: b41da94c8e0873fb31ce46b9bf1ec845f2d469f37e36bd2a55cc8f8885e561b5
                                                                                                            • Instruction Fuzzy Hash: 50510970A04329DBDB26CF19C981799BBBABF55308F0481D9E958AB341D735EE81CF41
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
                                                                                                            • Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            • Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: sqlite3_logsqlite3_value_text
                                                                                                            • String ID: string or blob too big
                                                                                                            • API String ID: 2320820228-2803948771
                                                                                                            • Opcode ID: 4552165c49a92a3f1eebbde7746405f837ee0ef0562a3825501d2540ddfe4a5c
                                                                                                            • Instruction ID: 1f8da1134a73d261049fdcd83983d84c916c8a3f87851362e697cdb17b1d2bab
                                                                                                            • Opcode Fuzzy Hash: 4552165c49a92a3f1eebbde7746405f837ee0ef0562a3825501d2540ddfe4a5c
                                                                                                            • Instruction Fuzzy Hash: F631D9B0A083249BCB25DF28C881799B7FABF69304F0085DAE898A7301D775DE81CF45
APIs
• sqlite3_aggregate_context.SQLITE3 ref: 60914096
• sqlite3_value_numeric_type.SQLITE3 ref: 609140A2
Strings
Memory Dump Source
• Source File: 00000005.00000002.3482351949.0000000060901000.00000020.00000001.01000000.0000000A.sdmp, Offset: 60900000, based on PE: true
• Associated: 00000005.00000002.3482313536.0000000060900000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482451846.000000006096E000.00000008.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482488351.000000006096F000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482530345.000000006097B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482586644.000000006097D000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000005.00000002.3482633348.0000000060980000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_60900000_videominimizer32.jbxd
Similarity
• API ID: sqlite3_aggregate_contextsqlite3_value_numeric_type
• String ID:
APIs
Strings
Similarity
• API ID: sqlite3_stricmp
• String ID: log
APIs
Strings
Similarity
• API ID: sqlite3_strnicmp
• String ID: SQLITE_
APIs
• sqlite3_value_bytes.SQLITE3 ref: 6091A1DB
• sqlite3_value_blob.SQLITE3 ref: 6091A1FA
Strings
• Invalid argument to rtreedepth(), xrefs: 6091A1E3
Similarity
• API ID: sqlite3_value_blobsqlite3_value_bytes
• String ID: Invalid argument to rtreedepth()
APIs
• sqlite3_soft_heap_limit64.SQLITE3 ref: 609561D7
  • Part of subcall function 6092A43E: sqlite3_initialize.SQLITE3 ref: 6092A450
  • Part of subcall function 6092A43E: sqlite3_mutex_enter.SQLITE3 ref: 6092A466
  • Part of subcall function 6092A43E: sqlite3_mutex_leave.SQLITE3 ref: 6092A47F
  • Part of subcall function 6092A43E: sqlite3_memory_used.SQLITE3 ref: 6092A4BA
• sqlite3_soft_heap_limit64.SQLITE3 ref: 609561EB
Strings
Similarity
• API ID: sqlite3_soft_heap_limit64$sqlite3_initializesqlite3_memory_usedsqlite3_mutex_entersqlite3_mutex_leave
• String ID: soft_heap_limit
APIs
• sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6094A57F), ref: 6092522A
• sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6094A57F), ref: 60925263
Strings
Similarity
• API ID: sqlite3_log
• String ID: NULL
APIs
Similarity
• API ID: CriticalSection$EnterLeavefree
• String ID:
APIs
• EnterCriticalSection.KERNEL32(?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4DF
• TlsGetValue.KERNEL32(?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4F5
• GetLastError.KERNEL32(?,?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4FD
• LeaveCriticalSection.KERNEL32(?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D520
Similarity
• API ID: CriticalSection$EnterErrorLastLeaveValue
• String ID: